create a config for apache to load the mod_cband
[+]
Copy to clipboard
#this config works for mod_cband 0.9.7.5
#on gentoo linux this file may be called /etc/apache2/modules.d/10_mod_cband.conf for example
#create a htpasswd file and edit <yourdir> to match your location
#on gentoo add -D CBAND to APACHE2_OPTS in /etc/conf.d/apache2 before restarting the webserver
<IfDefine CBAND>
<IfModule !mod_cband.c>
LoadModule cband_module modules/mod_cband.so
</IfModule>
</IfDefine>
<IfModule mod_cband.c>
<Location /cband-status>
SetHandler cband-status
AuthType Basic
AuthName "CBand Stats"
AuthUserFile <yourdir>/.htpasswd
require user <youruser>
Order deny,allow
Deny from All
Satisfy Any
</Location>
<CBandClass bots_class>
CBandClassDst 217.20.122.50
CBandClassDst 66.154.102.171
CBandClassDst 66.249.66/24
CBandClassDst 195.70.36.184
</CBandClass>
## Some defaults:
#
# CBandDefaultExceededURL http://www.google.com
# CBandScoreFlushPeriod 100
#
## And in virtual host configuration to limit it's speed:
#
# <VirtualHost *:80>
# DocumentRoot /var/www/example.com/htdocs
# ServerName www.example.com
# <IfModule mod_cband.c>
# CBandLimit 600M
# CBandExceededURL http://www.example.com/ex1.html
# CBandScoreboard /var/run/mod_cband.example.com.scoreboa$
# CBandPeriod 200S
#
# # 100kb/s, 10 request/s, max 5 connections
# CBandSpeed 100kb 10 5
#
# # 10kb/s, 3 request/s -> speed limit for any remote cli$
# CBandRemoteSpeed 10kb/s 3 5
# </IfModule>
# </VirtualHost>
</IfModule>
create /etc/apache2/cband-limit.conf to define rate limits for vhosts
[+]
Copy to clipboard
<IfModule mod_cband.c>
CBandSpeed 1Mbps 20 40
CBandRemoteSpeed 512kbps 8 10
CBandClassRemoteSpeed bots_class 50kbps 3 4
CBandClassLimit bots_class 500M
</IfModule>
add the cband-limits to each one of your vhosts
[+]
Copy to clipboard
<VirtualHost *:80>
...
Include conf/cband-limit.conf
</VirtualHost>
restart apache
implement more TikiSecurity
;){kind=link}
;){kind=link}