Help us understand the problem. What is going on with this article?

帯域制限モジュール mod_qos

More than 3 years have passed since last update.

QoS (Quality of Service) の制御を可能とするモジュール。
Slowloris 攻撃の対策に Lynis にサジェストされる。


yum install epel-release && yum update
yum install mod_qos


cat << "_EOF_" >> /etc/httpd/conf.modules.d/10-mod_qos.conf

QS_ErrorPage                  /error-docs/qs_error.html

# restricts max concurrent requests for any location which has no
# individual rule:
QS_LocRequestLimitDefault                              200

# limits access to *.gif files to 100 concurrent requests:
QS_LocRequestLimitMatch       "^.*\.gif$"              100

# limits concurrent requests to the locations /images and /app/a:
QS_LocRequestLimit            /images                  100
QS_LocRequestLimit            /app/a                   300
# limits download bandwidth to 5Mbit/sec:
QS_LocKBytesPerSecLimit       /app/a                   640

# two locations (/app/b and /app/c) representing a single application:
QS_LocRequestLimitMatch       "^(/app/b/|/app/c/).*$"  300

# allows the application to nominate VIP users by sending a
# "mod-qos-vip" HTTP response header:
QS_VipHeaderName              mod-qos-vip
QS_SessionKey                 na&5san-sB.F4_0a=%D200ahLK1

<Location /qos>
   SetHandler qos-viewer
<Location /qos/console>
   SetHandler qos-console


/usr/bin 配下に以下のコマンドがインストールされる。

  • qscheck
    • Monitor programm testing the TCP connectivity to servers.
  • qsfilter2

    • access/audit ログから QS_Permit* ディレクティブとルールパターンを作成するルールジェネレーター
  • qsgeo

    • Adds the country code for the client IP address within a log file.
  • qsgrep

    • Searches a file for a pattern and prints the data in a new format.
  • qshead

    • an utility reading from stdin and printing all lines to stdout until reaching the defined pattern.
  • qslogger

    • Shell command interface to the syslog(3) system log module.
  • qspng

    • Creates graphics (png images) from the output of qslog.
  • qssign

    • A log data integrity check tool. It reads log data from stdin (pipe) and writes the signed data to stdout adding a sequence number and signatur to ever log line.
    • qssign.rb is a Logstash filter plugin which may be used to verify the signatures of log messages in real time.
  • qstail

    • Shows the end of a log file beginning at a defined pattern.
サーバー管理、CMS構築のお仕事募集中。 CentOS / Apache / Nginx / PHP / MySQL / Docker / CMS (eZ Platform, eZ Publish, WordPress, Drupal) / Redmine
Why not register and get more from Qiita?
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away