Question posted in
Some documentation to get you started can be found here.

Is there a setting to set too many requests? – Apache

I am programming in PHP and I am wondering if there is a way to set up too many requests or does this need to be coded up manually? For example, if someone has opened 30 pages in 60 seconds, that is too many requests (and they may potentially be a bot), thus they get sent a too many requests HTTP status code.

If it is supposed to be done manually, what is the best practice to set up something like this?

Tags:

2

Answers


  1. 0

    You could try using ratelimit by Apache.

    Here is a sample provided by Apache. The rate limit is 400kb/second for the particular IP.

    <Location "/downloads">
    SetOutputFilter RATE_LIMIT
    SetEnv rate-limit 400 
</Location>

    More specifically, you can try a module like Mod Evasive to prevent multiple requests from accessing the server. You can use a product like CloudFlare to mitigate DDOS attacks.

    If you really want to use PHP for this you can log the amount of requests from a given IP, and if requests from that IP is greater than a certain value, you can block the IP from accessing your page.

    To do this, you can store the IP addresses in a database along with a date column indicating when they accessed your page, and calculate aggregates of their access in a particular period using SQL.

    Login or Signup to reply.
  2. 0

    Just for anyone that might not be using apache here is the nginx documenation
    https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-proxied-http/

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search