
How should the maximum concurrent connections from a single IP address be calculated?

@Kristi941

Posted in: #Browsers #Connections

I am trying to implement a limit on the maximum number of concurrent connections a server can accept from a single IP address for DOS protection. I understand that HTTP/1.1 stipulates a maximum of two persistent connections per server (not clear whether it is based on server IP address or hostname) and that this requirement has not been followed by major browsers.

Browserscope website shows current browsers allowing 6-13 persistent connections per hostname and maximum connections of 10-60. Assuming that a maximum of 10 resources (HTML, images, css, javascripts) are served from two hostnames upon each page view, how should I derive this maximum concurrent connection limit so that HTTP request would not be dropped?


@Kimberly868

If you are using Apache webserver then you could use the mod_security module and SecAction directive to apply rate limiting to requests by IP address.

For example (includes configuration script):

John Leach's Blog: Rate limiting with Apache and mod_security

Edited on 05-Nov-2014 following feedback:

Before imposing any limits, monitor the actual usage over a period of a week or a month (depending on how your traffic patterns look in Google Analytics).
Set an upper threshold limit; most people I speak to set it as your typical maximum usage plus between 5 and 25%, but this really comes down to preference, and trial-and-error to see what works best for your website. I actually tend to set limits quite high, such as at double or even sometimes more than double the normal usage, since I know the server can handle it and availability is the most important factor for me, but I trigger security alert messages when anything more than 5% happens so that I can closely watch or review logs and see if an attack is in progress. If you have the benefit of an enterprise-grade hardware firewall providing much greater protection against DoS/DDoS attacks, then you may wish to configure your mod_security a little more generously with rate limits, since most of the time attacks will be stopped before they reach your server, and pay closer attention to your hardware firewall logs and configuration.
Regularly check logs to see if your threshold needs to be increased or reduced in order to strike the right balance between correct operation of your website and protecting it from attacks.

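An added example (not from the answer or the linked blog) of the monitoring step described above: it takes constructed connection records, finds each client's peak number of simultaneously open connections with a sweep line, and derives the hard limit and the alert threshold from that observed baseline using the answer's 25% headroom and 5% alert margin. The record format, the IP addresses and the two percentages as defaults are assumptions.

```python
import math
from collections import defaultdict

# Constructed sample, not real traffic: (client_ip, open_time_s, duration_s).
# The first client briefly holds six connections, roughly one browser's
# per-hostname parallelism; the second stays at two.
SAMPLE_CONNECTIONS = [
    ("203.0.113.5", 0.0, 2.0), ("203.0.113.5", 0.1, 2.0), ("203.0.113.5", 0.2, 2.0),
    ("203.0.113.5", 0.3, 2.0), ("203.0.113.5", 0.4, 2.0), ("203.0.113.5", 0.5, 2.0),
    ("203.0.113.5", 3.0, 1.0), ("203.0.113.5", 3.1, 1.0),
    ("198.51.100.9", 0.0, 1.0), ("198.51.100.9", 0.5, 1.0), ("198.51.100.9", 1.2, 1.0),
]


def peak_concurrent_per_ip(connections):
    """Sweep line: for each IP, the largest number of connections open at once."""
    events = defaultdict(list)
    for ip, start, duration in connections:
        events[ip].append((start, +1))
        events[ip].append((start + duration, -1))
    peaks = {}
    for ip, evs in events.items():
        open_now = peak = 0
        # Sorting tuples puts (t, -1) before (t, +1), so a close at the same
        # instant as an open is not counted as overlap.
        for _, delta in sorted(evs):
            open_now += delta
            peak = max(peak, open_now)
        peaks[ip] = peak
    return peaks


def derive_thresholds(peaks, headroom=0.25, alert_margin=0.05):
    """Baseline = highest observed peak; limit and alert level sit above it."""
    baseline = max(peaks.values())
    return {
        "baseline": baseline,
        "alert": math.ceil(baseline * (1 + alert_margin)),  # review logs
        "limit": math.ceil(baseline * (1 + headroom)),      # refuse beyond this
    }


def classify(ip_peak, thresholds):
    """Decide what a client's current peak means against the thresholds."""
    if ip_peak > thresholds["limit"]:
        return "drop"
    if ip_peak > thresholds["alert"]:
        return "alert"
    return "ok"


if __name__ == "__main__":
    peaks = peak_concurrent_per_ip(SAMPLE_CONNECTIONS)
    thresholds = derive_thresholds(peaks)
    for ip, peak in peaks.items():
        print(ip, peak, classify(peak, thresholds))
```

One address can stand for many users behind NAT or a proxy, so the baseline measured from your own logs, not the per-browser figure from Browserscope, is what should drive the limit.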