Apache mod_qos module with SetEnvIfPlus
Apache mod_qos module
I was asked to implement rate limiting on Apache and my first thought was mod_sec. Mod_sec turned out to be too complicated with too much of an overhead. Something lighter and easier should be sought. mod_qos worked :)
After installing the modules - qos setenvif setenvifplus - add this into your conf.d/mod_qos.conf,
SetEnvIfPlus Request_URI %string% QS_Limit QS_ClientEventLimitCount 5 10 QS_ErrorResponseCode 509 <Location /> ResponseSetEnvIfPlus QS_ErrorNotes 067 RATELIMITED=1 ResponseHeaderPlus set Retry-After 10 env=RATELIMITED </Location>
Checks if more than 5 requests witin 10 seconds with %string%, and sends back http code 509 and a message asking to retry 10 seconds later.
Play nice please with my web server.