Fli
04-25-2015, 04:22 PM
How to install Mod QOS Apache module on server with WHM/cpanel control panel?
It is done thru WHM/Software/EasyApache
Select current to customize current profile.
After selecting Mod_QoS module and finishing Build from EasyApache.
One can add Mod QoS configuration rules into Apache include file.
WHM » Service Configuration » Apache Configuration » Include Editor >> "Pre VirtualHost Include" >> "All versions"
There are several versions of the configuration one can add:
<IfModule mod_qos.c>
# handles connections from up to 100000 different IPs
QS_ClientEntries 100000
# allow only 20 connections per IP
QS_SrvMaxConnPerIP 20
# maximum number of active TCP connections is limited to 256
MaxClients 256
# disables keep-alive when 70% of the TCP connections are occupied:
QS_SrvMaxConnClose 180
# minimum request/response speed (deny slow clients blocking the server, ie. slowloris keeping connections open without requesting anything). Example: Requires a minimum of 150 bytes per second per connection, and limits the connection to 1200 bytes per second when the server reaches the MaxClients limit.:
QS_SrvMinDataRate 150 1200
# and limit request header and body (carefull, that limits uploads and post requests too):
# LimitRequestFields 30
# QS_LimitRequestBody 102400
#
# disables connection restrictions for certain clients like Google IP ranges:
QS_SrvMaxConnExcludeIP 1.2.3.4
QS_SrvMaxConnExcludeIP 64.233.
QS_SrvMaxConnExcludeIP 66.102.
QS_SrvMaxConnExcludeIP 66.249.
QS_SrvMaxConnExcludeIP 72.14.
QS_SrvMaxConnExcludeIP 74.125.
QS_SrvMaxConnExcludeIP 209.85.
QS_SrvMaxConnExcludeIP 216.239.
# restricts max concurrent requests for any location which has no individual rule:
QS_LocRequestLimitDefault 100
</IfModule>
<IfModule mod_qos.c>
QS_LocRequestLimitMatch ^/wp-login.php 5
QS_LocRequestPerSecLimitMatch ^/wp-login.php 1
# handles connections from up to 100000 different IPs
QS_ClientEntries 100000
# will allow only 50 connections per IP
QS_SrvMaxConnPerIP 50
# maximum number of active TCP connections is limited to 256
MaxClients 256
# disables keep-alive when 70% of the TCP connections are occupied:
QS_SrvMaxConnClose 70%
# minimum request/response speed (deny slow clients blocking the server, ie. slowloris keeping connections open without requesting anything):
QS_SrvMinDataRate 150 1200
# and limit request header and body (careful, that limits uploads and post requests too):
# LimitRequestFields 30
# QS_LimitRequestBody 102400
</IfModule>
<IfModule mod_qos.c>
# Connection level
#
# Maximum number of active TCP connections is limited to 256:
# (limited by the available memory,
# adjust the settings according to the used hardware)
MaxClients 256
#
# Disables keep-alive when 70% of the TCP connections are occupied
QS_SrvMaxConnClose 180
#
# Defines minimum upload/download throughput a client must generate
# in bytes per seconds before connection is closed.
# See comments further down below.
QS_SrvMinDataRate 150 1200
#
# Allow only 50 connection per IP address
QS_SrvMaxConnPerIP 50
# Block clients violating some basic rules frequently (don't allows more than 20
# violations within 5 minutes)
QS_ClientEventBlockCount 20 300
QS_SetEnvIfStatus 400 QS_Block
QS_SetEnvIfStatus 401 QS_Block
QS_SetEnvIfStatus 403 QS_Block
QS_SetEnvIfStatus 404 QS_Block
QS_SetEnvIfStatus 405 QS_Block
QS_SetEnvIfStatus 406 QS_Block
QS_SetEnvIfStatus 408 QS_Block
QS_SetEnvIfStatus 411 QS_Block
QS_SetEnvIfStatus 413 QS_Block
QS_SetEnvIfStatus 414 QS_Block
QS_SetEnvIfStatus 417 QS_Block
QS_SetEnvIfStatus 500 QS_Block
QS_SetEnvIfStatus 503 QS_Block
QS_SetEnvIfStatus 505 QS_Block
QS_SetEnvIfStatus QS_SrvMinDataRate QS_Block
QS_SetEnvIfStatus NullConnection QS_Block
#
#URL request level
#
# Limit concurrent request to location /app/images to 100
QS_LocRequestLimit /app/images 100
#
# Limit the download bandwidth in /app/downloads
QS_LocKBytesPerSecLimit /app/downloads 640
</IfModule>
After Updating that include file, one should be able to watch global apache error log file (/usr/local/apache/logs/error_log) for mod qos errors.. example i had these after applying mod qos rules and restarting apache:
[Sat Apr 25 15:02:25 2015] [notice] mod_qos(009): loaded MPM is 'Prefork' but mod_qos should be used with MPM 'Worker' only.
[Sat Apr 25 15:03:02 2015] [error] mod_qos(034): access denied, QS_SrvMinDataRate rule (in): min=242, this connection=65, c=130.63.124.25
[Sat Apr 25 15:03:18 2015] [error] mod_qos(034): access denied, QS_SrvMinDataRate rule (in): min=258, this connection=0, c=46.23.54.5
In WHM one should be able to see some stats in WHM / Server Status / Apache status, on the bottom of the page
It is done thru WHM/Software/EasyApache
Select current to customize current profile.
After selecting Mod_QoS module and finishing Build from EasyApache.
One can add Mod QoS configuration rules into Apache include file.
WHM » Service Configuration » Apache Configuration » Include Editor >> "Pre VirtualHost Include" >> "All versions"
There are several versions of the configuration one can add:
<IfModule mod_qos.c>
# handles connections from up to 100000 different IPs
QS_ClientEntries 100000
# allow only 20 connections per IP
QS_SrvMaxConnPerIP 20
# maximum number of active TCP connections is limited to 256
MaxClients 256
# disables keep-alive when 70% of the TCP connections are occupied:
QS_SrvMaxConnClose 180
# minimum request/response speed (deny slow clients blocking the server, ie. slowloris keeping connections open without requesting anything). Example: Requires a minimum of 150 bytes per second per connection, and limits the connection to 1200 bytes per second when the server reaches the MaxClients limit.:
QS_SrvMinDataRate 150 1200
# and limit request header and body (carefull, that limits uploads and post requests too):
# LimitRequestFields 30
# QS_LimitRequestBody 102400
#
# disables connection restrictions for certain clients like Google IP ranges:
QS_SrvMaxConnExcludeIP 1.2.3.4
QS_SrvMaxConnExcludeIP 64.233.
QS_SrvMaxConnExcludeIP 66.102.
QS_SrvMaxConnExcludeIP 66.249.
QS_SrvMaxConnExcludeIP 72.14.
QS_SrvMaxConnExcludeIP 74.125.
QS_SrvMaxConnExcludeIP 209.85.
QS_SrvMaxConnExcludeIP 216.239.
# restricts max concurrent requests for any location which has no individual rule:
QS_LocRequestLimitDefault 100
</IfModule>
<IfModule mod_qos.c>
QS_LocRequestLimitMatch ^/wp-login.php 5
QS_LocRequestPerSecLimitMatch ^/wp-login.php 1
# handles connections from up to 100000 different IPs
QS_ClientEntries 100000
# will allow only 50 connections per IP
QS_SrvMaxConnPerIP 50
# maximum number of active TCP connections is limited to 256
MaxClients 256
# disables keep-alive when 70% of the TCP connections are occupied:
QS_SrvMaxConnClose 70%
# minimum request/response speed (deny slow clients blocking the server, ie. slowloris keeping connections open without requesting anything):
QS_SrvMinDataRate 150 1200
# and limit request header and body (careful, that limits uploads and post requests too):
# LimitRequestFields 30
# QS_LimitRequestBody 102400
</IfModule>
<IfModule mod_qos.c>
# Connection level
#
# Maximum number of active TCP connections is limited to 256:
# (limited by the available memory,
# adjust the settings according to the used hardware)
MaxClients 256
#
# Disables keep-alive when 70% of the TCP connections are occupied
QS_SrvMaxConnClose 180
#
# Defines minimum upload/download throughput a client must generate
# in bytes per seconds before connection is closed.
# See comments further down below.
QS_SrvMinDataRate 150 1200
#
# Allow only 50 connection per IP address
QS_SrvMaxConnPerIP 50
# Block clients violating some basic rules frequently (don't allows more than 20
# violations within 5 minutes)
QS_ClientEventBlockCount 20 300
QS_SetEnvIfStatus 400 QS_Block
QS_SetEnvIfStatus 401 QS_Block
QS_SetEnvIfStatus 403 QS_Block
QS_SetEnvIfStatus 404 QS_Block
QS_SetEnvIfStatus 405 QS_Block
QS_SetEnvIfStatus 406 QS_Block
QS_SetEnvIfStatus 408 QS_Block
QS_SetEnvIfStatus 411 QS_Block
QS_SetEnvIfStatus 413 QS_Block
QS_SetEnvIfStatus 414 QS_Block
QS_SetEnvIfStatus 417 QS_Block
QS_SetEnvIfStatus 500 QS_Block
QS_SetEnvIfStatus 503 QS_Block
QS_SetEnvIfStatus 505 QS_Block
QS_SetEnvIfStatus QS_SrvMinDataRate QS_Block
QS_SetEnvIfStatus NullConnection QS_Block
#
#URL request level
#
# Limit concurrent request to location /app/images to 100
QS_LocRequestLimit /app/images 100
#
# Limit the download bandwidth in /app/downloads
QS_LocKBytesPerSecLimit /app/downloads 640
</IfModule>
After Updating that include file, one should be able to watch global apache error log file (/usr/local/apache/logs/error_log) for mod qos errors.. example i had these after applying mod qos rules and restarting apache:
[Sat Apr 25 15:02:25 2015] [notice] mod_qos(009): loaded MPM is 'Prefork' but mod_qos should be used with MPM 'Worker' only.
[Sat Apr 25 15:03:02 2015] [error] mod_qos(034): access denied, QS_SrvMinDataRate rule (in): min=242, this connection=65, c=130.63.124.25
[Sat Apr 25 15:03:18 2015] [error] mod_qos(034): access denied, QS_SrvMinDataRate rule (in): min=258, this connection=0, c=46.23.54.5
In WHM one should be able to see some stats in WHM / Server Status / Apache status, on the bottom of the page