Aug 11 2008

[Linux] Limiting download speed and number of connections per IP with mod_choke (Apache 1.x)

Category: Articles,Linux administrationFractalizeR @ 1:47 am

If you have many greedy users downloading files from your server using many streams per user, you can fight them easily with mod_choke Apache 1.x module. It is very easy. The article assumes your server is running under CPanel/WHM

Just solved this task and want to share with you

Requirements:

– Apache 1.3.x.
– apxs utility installed (usually at /usr/local/apache/bin/apxs)

Step 1. Downloading and installing mod_choke

– SSH to your server
cd /usr/local
mkdir mod_choke
cd mod_choke
wget http://os.cyberheatinc.com/mod_choke…ke-0.07.tar.gz
tar -zxvf mod_choke-0.07.tar.gz
cd mod_choke-0.07
– Edit file named Makefile with your favourite editor (edit, vi, nano, whatever. I am using mc for that). Locate the like APXS=apxs at the beginning of this file. Replace apxs with the full path to your apxs. On my machine (CentOS) it is /usr/local/apache/bin/apxs. So at that line you should have something like this:
APXS=/usr/local/apache/bin/apxs

– Save file and exit
make
make install
Your mod_choke is now compiled.

Step 2. Configuring mod_choke

– Open your httpd.conf with your favourite editor. Ensure LoadModule choke_module directive is there.
– Scroll to the very end of your file. Add the following line to the end of the file:
Include=”/usr/local/apache/conf/includes/mod_choke.conf”
You can place mod_conf at any directory on your server, but I prefer following CPanel/WHM conventions.
– Save httpd.conf and exit.
– Open mod_choke.conf.
– Now look to README file that comes with mod_choke. It is very easy to understand. Just remember, that mod_choke.conf is a regular Apache configuration file. Nothing more.
– Save your mod_choke.conf.

Step 3. Securing mod_choke

Remember <Location /choke-status> line in the example? If you now will restart apache now and open URL www.yourservername.com/choke-status you will indeed see choke status, that is now available for everyone! And it is not something we desire, right? Let’s password protect this.
– Go to your CPanel -> Password Protect Directories. Protect ANY directory on your server with password. If you already have directories protected with login/pass you want to protect choke status, just proceed to next step.
– Open your mod_choke.conf and make the Location tag looks like this:

Code:
<Location /choke-status>
    SetHandler choke-status
    AuthType Basic
    AuthName "WHAT DO YOU NEED HERE???"
    AuthUserFile "/home/support/.htpasswds/public_html/admin/passwd"
    require valid-user
</Location>

Replace public_html/admin with the full path to directory you protected with password relative to your homedir. You can also make required password file yourself if you know how to

Step 4. Making httpd.conf changes permanent

Sometimes after rebuilding apache or upgrading CPanel changes to httpd.conf are gone (it happens with EasyApache 3 which comes with latest WHM/Cpanel 11). To make them permanent you can issue command
/usr/local/cpanel/bin/apache_conf_distiller –update –main
This will make changes you made permanent. However, it is easy to reapply them manually. You can just repeat
make install at mod_choke source directory (see above) and add that Include line to httpd.conf

Step 5. Applying all

Ok. Now we did all we wanted to. Let’s now enable all settings.
service httpd restart

Apache will restart. Now you can navigate to www.yourservername.com/choke-status to ensure your mod_choke is really working.

The all above was tested on CentOS 4.4 and 4.6 server with latest WHM 11.15.0 cPanel 11.17.0-S19434 installed. It was also working on WHM/CPanel 10. I upgraded just serveral days ago.

Have a good greedy-user hunt!

This article is also published on official CPanel/WHM forum: http://forums.cpanel.net/showthread.php?t=75402

Leave a Reply

You must be logged in to post a comment. Login now.