Advertisement: Linux VPS for $4/month - based on OpenVZ, credit card accepted, automatic setup.
+ Post New Thread
Results 1 to 2 of 2

Thread: cPanel/WHM: Apache Mod_QoS - Quality of Service module install & configuration

  1. #1
    Administrator Fli's Avatar
    Join Date
    Mar 2013
    Posts
    2,349
    Post Thanks / Like
    Blog Entries
    1

    cPanel/WHM: Apache Mod_QoS - Quality of Service module install & configuration



    How to install Mod QOS Apache module on server with WHM/cpanel control panel?

    It is done thru WHM/Software/EasyApache
    Select current to customize current profile.
    After selecting Mod_QoS module and finishing Build from EasyApache.

    One can add Mod QoS configuration rules into Apache include file.
    WHM Service Configuration Apache Configuration Include Editor >> "Pre VirtualHost Include" >> "All versions"

    There are several versions of the configuration one can add:

    <IfModule mod_qos.c>
    # handles connections from up to 100000 different IPs
    QS_ClientEntries 100000
    # allow only 20 connections per IP
    QS_SrvMaxConnPerIP 20
    # maximum number of active TCP connections is limited to 256
    MaxClients 256
    # disables keep-alive when 70% of the TCP connections are occupied:
    QS_SrvMaxConnClose 180
    # minimum request/response speed (deny slow clients blocking the server, ie. slowloris keeping connections open without requesting anything). Example: Requires a minimum of 150 bytes per second per connection, and limits the connection to 1200 bytes per second when the server reaches the MaxClients limit.:
    QS_SrvMinDataRate 150 1200
    # and limit request header and body (carefull, that limits uploads and post requests too):
    # LimitRequestFields 30
    # QS_LimitRequestBody 102400
    #
    # disables connection restrictions for certain clients like Google IP ranges:
    QS_SrvMaxConnExcludeIP 1.2.3.4
    QS_SrvMaxConnExcludeIP 64.233.
    QS_SrvMaxConnExcludeIP 66.102.
    QS_SrvMaxConnExcludeIP 66.249.
    QS_SrvMaxConnExcludeIP 72.14.
    QS_SrvMaxConnExcludeIP 74.125.
    QS_SrvMaxConnExcludeIP 209.85.
    QS_SrvMaxConnExcludeIP 216.239.
    # restricts max concurrent requests for any location which has no individual rule:
    QS_LocRequestLimitDefault 100
    </IfModule>




    <IfModule mod_qos.c>
    QS_LocRequestLimitMatch ^/wp-login.php 5
    QS_LocRequestPerSecLimitMatch ^/wp-login.php 1
    # handles connections from up to 100000 different IPs
    QS_ClientEntries 100000
    # will allow only 50 connections per IP
    QS_SrvMaxConnPerIP 50
    # maximum number of active TCP connections is limited to 256
    MaxClients 256
    # disables keep-alive when 70% of the TCP connections are occupied:
    QS_SrvMaxConnClose 70%
    # minimum request/response speed (deny slow clients blocking the server, ie. slowloris keeping connections open without requesting anything):
    QS_SrvMinDataRate 150 1200
    # and limit request header and body (careful, that limits uploads and post requests too):
    # LimitRequestFields 30
    # QS_LimitRequestBody 102400
    </IfModule>




    <IfModule mod_qos.c>
    # Connection level
    #
    # Maximum number of active TCP connections is limited to 256:
    # (limited by the available memory,
    # adjust the settings according to the used hardware)
    MaxClients 256
    #
    # Disables keep-alive when 70% of the TCP connections are occupied
    QS_SrvMaxConnClose 180
    #

    # Defines minimum upload/download throughput a client must generate
    # in bytes per seconds before connection is closed.
    # See comments further down below.
    QS_SrvMinDataRate 150 1200
    #
    # Allow only 50 connection per IP address
    QS_SrvMaxConnPerIP 50

    # Block clients violating some basic rules frequently (don't allows more than 20
    # violations within 5 minutes)
    QS_ClientEventBlockCount 20 300
    QS_SetEnvIfStatus 400 QS_Block
    QS_SetEnvIfStatus 401 QS_Block
    QS_SetEnvIfStatus 403 QS_Block
    QS_SetEnvIfStatus 404 QS_Block
    QS_SetEnvIfStatus 405 QS_Block
    QS_SetEnvIfStatus 406 QS_Block
    QS_SetEnvIfStatus 408 QS_Block
    QS_SetEnvIfStatus 411 QS_Block
    QS_SetEnvIfStatus 413 QS_Block
    QS_SetEnvIfStatus 414 QS_Block
    QS_SetEnvIfStatus 417 QS_Block
    QS_SetEnvIfStatus 500 QS_Block
    QS_SetEnvIfStatus 503 QS_Block
    QS_SetEnvIfStatus 505 QS_Block
    QS_SetEnvIfStatus QS_SrvMinDataRate QS_Block
    QS_SetEnvIfStatus NullConnection QS_Block
    #
    #URL request level
    #
    # Limit concurrent request to location /app/images to 100
    QS_LocRequestLimit /app/images 100
    #
    # Limit the download bandwidth in /app/downloads
    QS_LocKBytesPerSecLimit /app/downloads 640
    </IfModule>


    After Updating that include file, one should be able to watch global apache error log file (/usr/local/apache/logs/error_log) for mod qos errors.. example i had these after applying mod qos rules and restarting apache:
    [Sat Apr 25 15:02:25 2015] [notice] mod_qos(009): loaded MPM is 'Prefork' but mod_qos should be used with MPM 'Worker' only.
    [Sat Apr 25 15:03:02 2015] [error] mod_qos(034): access denied, QS_SrvMinDataRate rule (in): min=242, this connection=65, c=130.63.124.25
    [Sat Apr 25 15:03:18 2015] [error] mod_qos(034): access denied, QS_SrvMinDataRate rule (in): min=258, this connection=0, c=46.23.54.5
    In WHM one should be able to see some stats in WHM / Server Status / Apache status, on the bottom of the page

  2. #2
    Junior Member onliveserver's Avatar
    Join Date
    Jun 2017
    Location
    Ghaziabad
    Posts
    8
    Post Thanks / Like


    Is this useful / helpfull? Yes | No
    Hello,

    It is security based modules for Apache, there are alternative option for these tool like CSF/Firewall. You can manage ip setting and all filtering setting in CSF.
    Onlive Server is giving high performance Cheap Dedicated Servers, VPS Hosting Servers, Cloud Servers and Web Hosting services. Skype : ONLIVEINFOTECH

+ Post New Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
 Protected by : ZB BLOCK  &  StopForumSpam