mod qos

Quality-of-Service for the Apache HTTP Server
Stable release 11
Written in C
Operating system Cross-platform
Available in English
Type Module for the Apache HTTP server
License GPL License
Website mod-qos.sourceforge.net

mod_qos is a quality of service (QoS) module for the Apache HTTP server implementing control mechanisms that can provide different priority to different requests.

Description

A web server can only serve a limited number of concurrent requests. QoS is used to ensure that important resources stay available under high server load. mod_qos is used to reject requests to unimportant resources while granting access to more important applications. It is also possible to disable access restrictions, for example, for requests to very important resources or for very important users.

Control mechanisms are available at the following levels:

The module can be useful when used in a reverse proxy in order to divide up resources to different webserver.

Use Cases

Slow Application

The first use case shows how mod_qos can avoid service outage of a web server due to slow responses of a single application. In case an application (here /ccc) is very slow, requests wait until a timeout occurs. Due to many waiting requests, the web server runs out of free TCP connections and is not able to process other requests to application /aaa or /bbb. mod_qos limits the concurrent requests to an application in order to assure the availability of other resources.

HTTP keep-alive

The keep-alive extension to HTTP 1.1 allows persistent TCP connections for multiple request/responses. This accelerates access to the web server due to less and optimised network traffic. The disadvantage of these persistent connections is that server resources are blocked even though no data is exchanged between client and server. mod_qos allows a server to support keep-alive as long as sufficient connections are free, stopping the keep-alive support when a defined connection threshold is reached.

Client opens many concurrent connections

A single client may open many simultaneous TCP connections in order to download different content from the web server. While the client gets many connections other users may not be able to access the server since no free connections remain for them. mod_qos can limit the number of concurrent connections for a single IP source address.

Many requests to a single URL

If you have to limit the number of requests to a URL, mod_qos can help with that too. mod_qos limits the maximum number of requests per second to this URL. The module may also control bandwidth. Simply specify the maximum allowed bandwidth and moq_qos starts throttling when it becomes necessary.

Mitigating low-bandwidth denial of service attacks

mod_qos may help to protect an Apache web server against low-bandwidth DoS attacks by enforcing a minimum upload/download throughput a client must generate.[1]

History

The initial release of mod_qos was created in May 2007 and published on SourceForge.net[2] as an open source software project. It was able to limit the number of concurrent HTTP requests for specified resources (path portion of request URLs) on the web server. More features were added and some of them were useful to protect Apache servers against DoS attacks.[3][4] In 2012, mod_qos was included to the Ubuntu Linux distribution.[5]

Major releases:[6]

References

  1. "mod_qos manual". Retrieved 2012-11-29.
  2. "mod_qos on SourceForge.net". 2007-05-18. Retrieved 2012-11-24.
  3. Marcus Spiegel (2009-07-15). "How To Defend slowloris DDoS With mod_qos". HowtoForge. Retrieved 2012-11-24.
  4. Charly Kuehnast (May 2010). "Aus dem Alltag eines Sysadmin: Mod_qos gegen Slowloris". Linux Magazin. Retrieved 2012-11-24.
  5. "mod_qos package for Ubuntu". Retrieved 2012-11-24.
  6. "Change log". Retrieved 2012-11-27.

External links

This article is issued from Wikipedia - version of the Friday, December 11, 2015. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.