mod_qos

From Wikipedia, the free encyclopedia

Basic data

  • Developer: Apache Software Foundation
  • Current version: 11
  • Operating system: Cross-platform
  • Programming language: C
  • Category: Apache module
  • License: Apache license
  • Website: mod-qos.sourceforge.net

mod_qos is a module for the Apache HTTP Server that implements Quality of Service (QoS). It provides mechanisms to assign different priorities to requests and to control access to a web server's resources.

Description

A web server can only process a limited number of simultaneous requests. QoS is used to ensure that important resources remain available even under heavy load by prioritizing requests to these resources higher than requests to less important ones.

mod_qos offers different control mechanisms on different levels:

  • Per HTTP request: mod_qos controls the number of simultaneous requests to a namespace (URL). mod_qos can reject requests for low priority resources if their number becomes too high so that the web server can continue to process important requests.
  • At connection level: mod_qos controls the number of TCP connections to the web server and can, for example, limit the number of connections made by a single user.
  • Bandwidth: Requests for certain resources can be slowed down in order not to fully utilize the available bandwidth.
  • Generic filters can reject invalid requests to a web server.

The module can be particularly helpful in a reverse proxy, where many different resources and applications are accessible via a single access point (a possible bottleneck).

Use cases

Slow application

If a single web server offers access to different applications, the behavior of one application can have a negative effect on the availability of the others. If, for example, one application (path /ccc in the accompanying illustration) is very slow, the many requests for it can pile up and occupy all connections to the web server. Other applications (here /aaa or /bbb) that would still work properly are then no longer accessible to the user. In such a case, mod_qos can limit the maximum number of simultaneous requests to the slow application so that the other two applications remain available.

HTTP keep-alive

The "Keep-Alive" extension of HTTP/1.1 allows persistent TCP connections between client and server, over which several HTTP requests can be carried out. This speeds up the loading of a web page in the browser. A disadvantage is that during the idle periods when no request is being processed, resources remain blocked on the server. mod_qos allows a server to support keep-alive as long as it still has enough free resources, and to deactivate the feature once too many connections to the server are open.

Many requests to the same URL

mod_qos can limit the number of simultaneous requests to a URL. The maximum number of requests per unit of time and the maximum permitted bandwidth can also be defined.

Defense against Denial of Service (DoS) attacks

mod_qos can help to protect a web server from attacks of the "low-bandwidth denial of service" type. Attackers try to block a web server with programs like Slowloris or LOIC by sending very little data to the server on open TCP ports. mod_qos tries to prevent this by closing connections over which too little data is exchanged.
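The four use cases above map onto a small set of mod_qos directives. The following configuration is an added example, not taken from the original article or from the mod_qos project: the directive names are those documented in the mod_qos manual, the paths /aaa, /bbb and /ccc are the ones used in the text, and every numeric value is an illustrative assumption that must be sized against the server's own worker limit (MaxRequestWorkers).

```apache
# Added example; all numbers are illustrative, not recommendations.
LoadModule qos_module modules/mod_qos.so

# Number of client IP addresses mod_qos keeps track of.
QS_ClientEntries          100000

# --- Slow application -------------------------------------------------
# Cap concurrent requests per location so that a slow /ccc cannot
# occupy every worker and starve /aaa and /bbb.
QS_LocRequestLimit        /aaa  100
QS_LocRequestLimit        /bbb  100
QS_LocRequestLimit        /ccc   20

# --- HTTP keep-alive --------------------------------------------------
# Keep-alive stays enabled under normal load and is switched off once
# 70% of the server's connections are in use.
QS_SrvMaxConnClose        70%

# --- Many requests to the same URL ------------------------------------
# Requests per second and bandwidth (kilobytes per second) for one
# location, in addition to the concurrency limit above.
QS_LocRequestPerSecLimit  /ccc   10
QS_LocKBytesPerSecLimit   /ccc  500

# --- Connection level and low-bandwidth DoS ---------------------------
# No more than 30 concurrent TCP connections from one client IP.
QS_SrvMaxConnPerIP        30
# Minimum data rate a connection must sustain: 120 bytes/s when the
# server is idle, rising to 1500 bytes/s as it fills up. Connections
# that stay below the required rate are closed.
QS_SrvMinDataRate         120 1500
```

The per-location limits only protect the other applications if their sum leaves headroom below the total number of workers; a limit on /ccc that equals the worker count changes nothing.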

History

The first release of mod_qos appeared in May 2007. The software was published on SourceForge.net as an open source project. The first version was able to limit the number of parallel requests to predefined resources. Little by little, more functions were implemented, and some of them were used to combat DoS attacks. In 2012 mod_qos was added to the software repository of the Linux distribution Ubuntu.

Major releases:

  • May 2007, Version 1: Limits the number of parallel requests to resources.
  • July 2007, Version 2.2: Project launches various utility programs.
  • August 2007, Version 3: Controls data transfer at connection level. Web interface for viewing the current status.
  • September 2007, Version 4: Controlling the bandwidth.
  • December 2007, Version 5: Allows the definition of user-specific events ("events") and their limitation ("limitation").
  • March 2008, Version 6: Control per client IP address.
  • May 2008, Version 7: Enforcement of a minimum bandwidth that a client must adhere to.
  • September 2009, Version 9: Detection of abnormal user behavior.
  • February 2012, Version 10: Geolocation support.
  • May 2014, Version 11: Much improved bandwidth control.
  • July 2015, Version 11.15: Serialization of requests now also via client (IP).
  • May 2016, Version 11.28: Support of DiffServ (setting the DSCP field in the IP packet header).
