Jump to content

How to add IP rate limit in htaccess?


capcom

Recommended Posts

I am getting unusually high request from few IPs and wanted to see if there is a way I can rate limit IP address by making a change in .htaccess file. I am able to block the IPs in a day, but it it making unnecessary calls to website. and they keep coming from new IP addresses.

 

any suggestions are welcome.

Thanks

Link to comment
Share on other sites

This is not possible in stock Apache. It's just allow or block. There are rate limiting modules available, but we don't support any of them. You can manage block lists in cPanel for specific IPs as well.

 

What is the concern about the traffic? Is it causing performance issues or load you're worried about?

Link to comment
Share on other sites

Thanks for the response. I am using the IP blocks to deny access. and keep adding new ones there.

 

My only concern is around load, but when I look at account load in cPanel, it is not significant at all (almost near 0 every day). I just want to make sure that increase in traffic does not cause my account to be flagged.

Link to comment
Share on other sites

Depending on the scripting language you're using you could have your website display a low load static error message explaining to the visitor that they're browsing too fast.

 

If it's bots browsing your site you could use .htaccess to block them based on their user agent. A lot of reputable bots will use the user agent string to let you know exactly who they are. If it's a hacker or some sort of illegal bot -- like trying to hack wordpress accounts -- it will likely have a user agent string that is blank or mimics a real browser though. When you're designing your bot it's easy to put whatever you want in the user agent string.

 

If load starts to become an issue, or if it's a mild ddos you're experiencing you could always use a free cloudflare account. It won't work on a free heliohost.us subdomain, but any purchased or free domain can be configured to use cloudflare. Be aware that cloudflare breaks some of the functionality of cpanel though, but it's something to consider to block access to your site.

Link to comment
Share on other sites

I am using python flask and have added rate limiting already and once reached, it will not load data and will just give a "Rate limit applied" message. That part has been working fine. 

 

Most of the unwanted traffic is coming as Mozilla browser, operating system is unknown in Awstats, but I have a feeling it is a web scrapper. even after rate limit message, user is keep requesting same url.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...