Home » Apache, Debian, Featured, How-to, Newbie, Tuning

Compile, install and run mod_limitipconn for Apache2 under Debian

22 June 2009 3 Comments

Limiting abusers from running 20 download threads from the same Apache server is easy now with mod_limitipconn. But the apache 2 module, mod_limitipconn, is not available under the latest Debian distribution, Lenny. In this mini how-to I will show you how-to manage this module to work for Debian Lenny users. The compile process of mod_limitipconn is a little bit more than “make install”.
First install apache prefork development utilities (we need apxs2 to compile our module)

[rb@randombugs]# apt-get install apache2-prefork-dev

After that, download source code of iplimit module from http://dominia.org/djao/limitipconn2.html and unpack it

[rb@randombugs]# tar xjvf mod_limitipconn-0.23.tar.bz2
[rb@randombugs]# cd mod_limitipconn-0.23

Now open Makefile with an editor and change APXS=apxs to APXS=apxs2. Save the file and run make.

[rb@randombugs]# make
apxs2 -c mod_limitipconn.c
/usr/share/apr-1.0/build/libtool –silent –mode=compile –tag=disable-static i486-linux-gnu-gcc -prefer-pic -DLINUX=2 -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -D_REENTRANT -I/usr/include/apr-1.0 -I/usr/include/mysql -I/usr/include/openssl -I/usr/include/postgresql -I/usr/include/xmltok -pthread -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include/postgresql -I/usr/include/mysql -c -o mod_limitipconn.lo mod_limitipconn.c && touch mod_limitipconn.slo
/usr/share/apr-1.0/build/libtool –silent –mode=link –tag=disable-static i486-linux-gnu-gcc -o mod_limitipconn.la -rpath /usr/lib/apache2/modules -module -avoid-version mod_limitipconn.lo

If you don’t have make or any other compiler tool just run

[rb@randombugs]# apt-get install build-essentials

Normally the module should compile without any problem. If all succeed copy the module in apache2 modules folder.

[rb@randombugs]# cp .libs/mod_limitipconn.so /usr/lib/apache2/modules/

Now create limitipconn.load and limitipconn.conf in /etc/apache2/mods-available/ with the following content


ExtendedStatus On
LoadModule limitipconn_module /usr/lib/apache2/modules/mod_limitipconn.so


# Example config for limitipconn
<IfModule mod_limitipconn.c>
<Location />
MaxConnPerIP 10
NoIPLimit image/*

mod_limitipconn is based on mod_status and for that you will need to enable both modules

[rb@randombugs]# a2enmod limitipconn
Enabling module limitipconn.
Run ‘/etc/init.d/apache2 restart’ to activate new configuration!
[rb@randombugs]# a2enmod status
Enabling module status.
Run ‘/etc/init.d/apache2 restart’ to activate new configuration!

After restarting apache ,your configuration will limit an IP at 10 connections simultaneously. Now depends on you on how many connections do you want to allow. Based on the Readme found on the limitipconn packages I will show you some quick examples

Example 1
You can limit globally your server at 10 connections per IP, let the /images/ folder without limit and limit your movies folder at 1 connection per IP.

<Location />
# global per-directory settings here
MaxConnPerIP 10
<Location /images>
# local per-directory settings here
NoIPLimit images/*

<Location /movies>
# local per-directory settings here
MaxConnPerIP 2

Example 2
You can limit globally your server at 10 connections per IP, and all movies from /home/*/public_html to just 1 connection per IP

<Location />
# global per-directory settings here
MaxConnPerIP 5
<Directory /home/*/public_html>
# local per-directory settings here
MaxConnPerIP 1
OnlyIPLimit audio/mpeg video

As you can see the mod_limitipconn know to do limitations based on mime type. For more informations just follow the README from limitipconn

Good Luck!


  • Oleg Reva said:

    Thank you very match!

  • Steve said:

    Even though I created alias paths to APXS2 in .bashrc, I couldn’t get make to compile the source. Then, thanks to you, I tried changing the beginning of Makefile from APXS=apxs to APXS=apxs2. Then it worked!


  • admin (author) said:

    I’m glad is working 🙂


Leave your response!

Add your comment below, or trackback from your own site. You can also subscribe to these comments via RSS.

Be nice. Keep it clean. Stay on topic. No spam.

You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This is a Gravatar-enabled weblog. To get your own globally-recognized-avatar, please register at Gravatar.