Download | Plain Text | Line Numbers
/*
* Copyright (C) 2000-2002 David Jao <djao@dominia.org>
* "MaxConnPerUid", "MaxConnPerVhost" and "MaxLA*" portions by Maxim Chirkov <mc@tyumen.ru>
* per VHost settings, advanced content-type shm-cache and check, scoreboard dump,
* optional KeepAlive-Values, code reorganization and apache2 port by Manuel Mausz <manuel@mausz.at>
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice, this permission notice, and the
* following disclaimer shall be included in all copies or substantial
* portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
* HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
* WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*
*/
#define CORE_PRIVATE
#include "httpd.h"
#include "http_config.h"
#include "http_request.h"
#include "http_protocol.h"
#include "http_core.h"
#include "http_main.h"
#include "http_log.h"
#include "scoreboard.h"
#include <sys/types.h>
/* apache2 specific includes */
#include "unixd.h"
#include "ap_mpm.h"
#include "apr_strings.h"
#if HAVE_SHMGET || APR_HAS_SHARED_MEMORY
# define CREATE_OWN_SCOREBOARD 1
# include <sys/ipc.h>
# include <sys/shm.h>
#else
# define CREATE_OWN_SCOREBOARD 0
#endif
#define MODULE_NAME "mod_limitipconn"
#define MODULE_VERSION "0.21-vhost"
#define SHM_KEY IPC_PRIVATE
//#define DEBUG 1
//#define DUMP 1
#ifdef DUMP
# include <sys/types.h>
# include <unistd.h>
# include <time.h>
# ifndef DEFAULT_TIME_FORMAT
# define DEFAULT_TIME_FORMAT "%A, %d-%b-%Y %H:%M:%S %Z"
# endif
#endif
#define LIPC_LOG(level,errno) level,APR_FROM_OS_ERROR(errno)
module AP_MODULE_DECLARE_DATA limitipconn_module;
static int server_limit, thread_limit;
#if CREATE_OWN_SCOREBOARD
/* apache2 doesn't export ap_sb_handle_t via scoreboard.h */
struct ap_sb_handle_t
{
int child_num;
int thread_num;
};
#endif
#if CREATE_OWN_SCOREBOARD
/* our own personal scoreboard */
typedef struct {
uid_t userid;
char handler[100];
} limit_scoreboard;
//static limit_scoreboard *sb = (limit_scoreboard *)-1;
static void *sb = (void *)-1;
static int limit_shmid;
#endif
typedef struct
{
int limit; /* max number of connections per IP */
int limit_ka; /* optional keepalive limit */
#if CREATE_OWN_SCOREBOARD
int limit_uid; /* max number of connections per user */
int limit_uid_ka; /* optional keepalive limit */
#endif
int limit_vhost; /* max number of connections per virtual host */
int limit_vhost_ka; /* optional keepalive limit */
double limit_la1; /* maximum value of Load Average for 1 min. */
double limit_la5; /* maximum value of Load Average for 5 min. */
double limit_la15; /* maximum value of Load Average for 15 min. */
#if CREATE_OWN_SCOREBOARD
apr_array_header_t *excl_limit; /* array of MIME types to limit check; all
other types are exempt */
#endif
} limitipconn_config;
static void *limitipconn_create_config(apr_pool_t *p, server_rec *s)
{
limitipconn_config *cfg = (limitipconn_config *)apr_pcalloc(p, sizeof(*cfg));
/* default configuration: no limit, and both arrays are empty */
cfg->limit = -1;
cfg->limit_ka = -1;
#if CREATE_OWN_SCOREBOARD
cfg->limit_uid = -1;
cfg->limit_uid_ka = -1;
#endif
cfg->limit_vhost = -1;
cfg->limit_vhost_ka = -1;
cfg->limit_la1 = -1.0;
cfg->limit_la5 = -1.0;
cfg->limit_la15 = -1.0;
#if CREATE_OWN_SCOREBOARD
cfg->excl_limit = apr_array_make(p, 0, sizeof(char *));
#endif
return cfg;
}
#ifdef DUMP
static const char *ap_scdump_fname = NULL;
static int dump_scoreboard(request_rec *r, const char *reason, int matches[server_limit][thread_limit])
{
worker_score *ws_record;
process_score *ps_record;
char buf[255];
char *fname;
FILE *fd;
time_t nowtime = time(NULL);
int i, j, dump;
char *vhost = NULL;
pid_t worker_pid;
ap_generation_t worker_generation;
uid_t userid = 0;
#if CREATE_OWN_SCOREBOARD
limit_scoreboard (* sb2)[thread_limit];
sb2 = (limit_scoreboard (*)[thread_limit])sb;
#endif
if (!ap_scdump_fname)
{
ap_log_rerror(APLOG_MARK, LIPC_LOG(APLOG_NOERRNO|APLOG_ERR, 0), r, "Error: Trying to dump scoreboard, but directive ScoreboardDump isn't set");
return 1;
}
sprintf(buf, "%s.%ld", ap_scdump_fname, (long)getpid());
fname = ap_server_root_relative(r->pool, buf);
if (!(fd = fopen(fname, "a")))
{
ap_log_rerror(APLOG_MARK, LIPC_LOG(APLOG_NOERRNO|APLOG_ERR, errno), r, "Error while opening: %s.", fname);
return 1;
}
fprintf(fd, "Scoreboard Dump for %s due to %s restriction\n", ap_get_server_name(r), reason);
fprintf(fd, "Server Version: %s\n", ap_get_server_version());
fprintf(fd, "Current Time: %s\n", ap_ht_time(r->pool, nowtime, DEFAULT_TIME_FORMAT, 0));
fprintf(fd, "Request URI: %s [%s]\n", ap_escape_logitem(r->pool, r->unparsed_uri), ap_escape_logitem(r->pool, r->hostname));
fprintf(fd, "Parent Server Generation: %d\n", (int)ap_my_generation);
fputs("\n", fd);
fflush(fd);
fputs("Server Details\n", fd);
for (i = 0; i < server_limit; i++)
{
for (j = 0; j < thread_limit; j++)
{
ws_record = ap_get_scoreboard_worker(i, j);
ps_record = ap_get_scoreboard_process(i);
if (ps_record->generation == ap_my_generation)
vhost = ws_record->vhost;
dump = 0;
switch (ws_record->status)
{
case SERVER_BUSY_READ:
case SERVER_BUSY_WRITE:
case SERVER_BUSY_KEEPALIVE:
case SERVER_BUSY_LOG:
case SERVER_BUSY_DNS:
case SERVER_GRACEFUL:
if (matches[i][j])
dump = 1;
break;
default:
break;
}
if (!dump)
continue;
/* MPM sets per-worker pid and generation */
if (ws_record->pid)
{
worker_pid = ws_record->pid;
worker_generation = ws_record->generation;
}
else
{
worker_pid = ps_record->pid;
worker_generation = ps_record->generation;
}
if (ws_record->status == SERVER_DEAD)
#ifdef TPF
if (kill(ps_record->pid, 0) == 0)
{
/* on TPF show PIDs of the living dead */
fprintf(fd, "Server %d-%d (%d): [", i, worker_generation, worker_pid);
}
else
#endif
fprintf(fd, "Server %d-%d (-): [", i, worker_generation);
else
fprintf(fd, "Server %d-%d (%d): [", i, worker_generation, worker_pid);
switch (ws_record->status)
{
case SERVER_READY:
fputs("Ready", fd);
break;
case SERVER_STARTING:
fputs("Starting", fd);
break;
case SERVER_BUSY_READ:
fputs("Read", fd);
break;
case SERVER_BUSY_WRITE:
fputs("Write", fd);
break;
case SERVER_BUSY_KEEPALIVE:
fputs("Keepalive", fd);
break;
case SERVER_BUSY_LOG:
fputs("Logging", fd);
break;
case SERVER_BUSY_DNS:
fputs("DNS lookup", fd);
break;
case SERVER_DEAD:
fputs("Dead", fd);
break;
case SERVER_GRACEFUL:
fputs("Graceful", fd);
break;
default:
fputs("?STATE?", fd);
break;
}
#if CREATE_OWN_SCOREBOARD
userid = sb2[i][j].userid;
#endif
fprintf(fd, "] %s {%s %s} [%s - %d]\n",
ap_escape_html(r->pool, ws_record->client),
ap_escape_html(r->pool, ap_escape_logitem(r->pool, ws_record->request)),
#if CREATE_OWN_SCOREBOARD
sb2[i][j].handler,
#else
"(unavailable)",
#endif
vhost ? ap_escape_html(r->pool, vhost) : "(unavailable)",
userid);
}
}
fputs("\n-------------------------------------------------------------------------------\n\n", fd);
fclose(fd);
ap_log_rerror(APLOG_MARK, LIPC_LOG(APLOG_NOERRNO|APLOG_ERR, 0), r, "Wrote scoreboard dump to: %s", fname);
return 0;
}
#endif
/* Simple merge: Per vhost entries overrides main server entries */
static void *limitipconn_merge_config(apr_pool_t *p, void *BASE, void *ADD)
{
limitipconn_config *base = BASE;
limitipconn_config *add = ADD;
limitipconn_config *cfg = (limitipconn_config *)apr_pcalloc(p, sizeof(*cfg));
cfg->limit = (add->limit == -1) ? base->limit : add->limit;
cfg->limit_ka = (add->limit_ka == -1) ? base->limit_ka : add->limit_ka;
#if CREATE_OWN_SCOREBOARD
cfg->limit_uid = (add->limit_uid == -1) ? base->limit_uid : add->limit_uid;
cfg->limit_uid_ka = (add->limit_uid_ka == -1) ? base->limit_uid_ka : add->limit_uid_ka;
#endif
cfg->limit_vhost = (add->limit_vhost == -1) ? base->limit_vhost : add->limit_vhost;
cfg->limit_vhost_ka = (add->limit_vhost_ka == -1) ? base->limit_vhost_ka : add->limit_vhost_ka;
cfg->limit_la1 = (add->limit_la1 == -1.0) ? base->limit_la1 : add->limit_la1;
cfg->limit_la5 = (add->limit_la5 == -1.0) ? base->limit_la5 : add->limit_la5;
cfg->limit_la15 = (add->limit_la15 == -1.0) ? base->limit_la15 : add->limit_la15;
#if CREATE_OWN_SCOREBOARD
cfg->excl_limit = (add->excl_limit->nelts == 0) ? base->excl_limit : add->excl_limit;
#endif
return cfg;
}
static int limitipconn_handler(request_rec *r)
{
limitipconn_config *cfg = (limitipconn_config *)ap_get_module_config(r->server->module_config, &limitipconn_module);
#if CREATE_OWN_SCOREBOARD
limit_scoreboard (* sb2)[thread_limit];
limit_scoreboard *sbrec = NULL;
char **exlim = (char **)cfg->excl_limit->elts;
int found;
ap_unix_identity_t *identity;
ap_sb_handle_t *sbh;
#endif
double current_la[3];
int ip_req_count = 0;
const char *address = NULL;
#if CREATE_OWN_SCOREBOARD
int uid_req_count = 0;
uid_t current_uid = 0;
#endif
int vhost_req_count = 0;
const char *current_vhost = NULL;
worker_score *ws_record;
process_score *ps_record;
int i, j, k;
#ifdef DUMP
int matches[server_limit][thread_limit];
#endif
/* A limit value of 0 by convention means no limit. */
if (cfg->limit <= 0 && cfg->limit_ka <= 0
#if CREATE_OWN_SCOREBOARD
&& cfg->limit_uid <= 0 && cfg->limit_uid_ka <= 0
#endif
&& cfg->limit_vhost <= 0 && cfg->limit_vhost_ka <= 0
&& cfg->limit_la1 <= 0.0 && cfg->limit_la5 <= 0.0 && cfg->limit_la15 <= 0.0)
{
#ifdef DEBUG
ap_log_rerror(APLOG_MARK, LIPC_LOG(APLOG_NOERRNO|APLOG_DEBUG, 0), r, "mod_limitipconn: OK: No limit");
#endif
return OK;
}
#if CREATE_OWN_SCOREBOARD
sb2 = (limit_scoreboard (*)[thread_limit])sb;
sbh = r->connection->sbh;
if (sbh == NULL)
{
ap_log_rerror(APLOG_MARK, LIPC_LOG(APLOG_NOERRNO|APLOG_ERR, 0), r, "mod_limitipconn: Warning: Request has no reference to scoreboard!");
return OK;
}
sbrec = &sb2[sbh->child_num][sbh->thread_num];
/* Cycle through the exclusive list, if it exists; if our handler
* is not present, bail out */
if (cfg->excl_limit->nelts > 0)
{
/* always update our scoreboard */
if (r->handler)
apr_cpystrn(sbrec->handler, r->handler, sizeof(sbrec->handler) - 1);
else
sbrec->handler[0] = 0;
# ifdef DEBUG
ap_log_rerror(APLOG_MARK, LIPC_LOG(APLOG_NOERRNO|APLOG_DEBUG, 0), r, "mod_limitipconn: uri: %s handler: %s", r->uri, r->handler);
# endif
found = 0;
for (i = 0; r->handler && i < cfg->excl_limit->nelts && !found; i++)
{
if (strncmp(exlim[i], r->handler, strlen(exlim[i])) == 0)
found = 1;
}
if (!found)
{
# ifdef DEBUG
ap_log_rerror(APLOG_MARK, LIPC_LOG(APLOG_NOERRNO|APLOG_DEBUG, 0), r, "mod_limitipconn: OK: %s not checked", r->handler);
# endif
return OK;
}
}
#endif /* CREATE_OWN_SCOREBOARD */
/* Check Load Average overflow */
if (cfg->limit_la1 > 0.0 || cfg->limit_la5 > 0.0 || cfg->limit_la15 > 0.0)
{
if (getloadavg(current_la, 3) != -1)
{
if ((current_la[0] >= cfg->limit_la1) && (current_la[1] >= cfg->limit_la5) && (current_la[2] >= cfg->limit_la15))
{
r->connection->keepalive = -1;
ap_log_rerror(APLOG_MARK, LIPC_LOG(APLOG_NOERRNO|APLOG_ERR, 0), r, "Load Average limit exceeded (limit: %.2f, %.2f, %.2f)",
cfg->limit_la1, cfg->limit_la5, cfg->limit_la15);
return HTTP_SERVICE_UNAVAILABLE;
}
}
}
/* get address */
if (cfg->limit > 0 || cfg->limit_ka > 0)
{
#ifdef RECORD_FORWARD
if ((address = ap_table_get(r->headers_in, "X-Forwarded-For")) == NULL)
#endif
address = r->connection->remote_ip;
}
/* Get uid of current virual host for future use */
if (r->server->is_virtual)
{
#if CREATE_OWN_SCOREBOARD
if (cfg->limit_uid > 0 || cfg->limit_uid_ka > 0)
{
if ((identity = ap_run_get_suexec_identity(r)))
current_uid = identity->uid;
}
sbrec->userid = current_uid;
#endif
if (cfg->limit_vhost > 0 || cfg->limit_vhost_ka > 0)
current_vhost = r->server->server_hostname;
}
/* Count up the number of connections we are handling right now from
* this IP address */
for (j = 0; j < server_limit; j++)
{
for (k = 0; k < thread_limit; k++)
{
#ifdef DUMP
matches[j][k] = 0;
#endif
ws_record = ap_get_scoreboard_worker(j, k);
ps_record = ap_get_scoreboard_process(i);
switch (ws_record->status)
{
case SERVER_BUSY_READ:
case SERVER_BUSY_WRITE:
case SERVER_BUSY_KEEPALIVE:
case SERVER_BUSY_LOG:
case SERVER_BUSY_DNS:
case SERVER_GRACEFUL:
#if CREATE_OWN_SCOREBOARD
/* Cycle through the exclusive list, if it exists; if our handler
* is not present, skip */
if (cfg->excl_limit->nelts > 0)
{
/* skip if no handler is set */
if (!sb2[j][k].handler)
continue;
found = 0;
for (i = 0; i < cfg->excl_limit->nelts && !found; i++)
{
if (strncmp(exlim[i], sb2[j][k].handler, strlen(exlim[i])) == 0)
found = 1;
}
if (!found)
continue;
}
#endif
if (address && (strcmp(address, ws_record->client) == 0)
#ifdef RECORD_FORWARD
|| (strcmp(address, ws_record->fwdclient) == 0)
#endif
)
{
ip_req_count++;
#ifdef DUMP
matches[j][k] = 1;
#endif
}
#if CREATE_OWN_SCOREBOARD
if ((ps_record->generation == ap_my_generation))
{
if (current_uid && current_uid != unixd_config.user_id && sb2[j][k].userid == current_uid)
uid_req_count++;
if (current_vhost && (strcmp(ws_record->vhost, current_vhost) == 0))
vhost_req_count++;
}
#endif
break;
default:
break;
}
}
}
/* turn off keepalive if keepalive-limit reached */
if ((cfg->limit_ka > 0 && ip_req_count > cfg->limit_ka)
#if CREATE_OWN_SCOREBOARD
|| (cfg->limit_uid_ka > 0 && uid_req_count > cfg->limit_uid_ka)
#endif
|| (cfg->limit_vhost_ka > 0 && vhost_req_count > cfg->limit_vhost_ka))
{
#ifdef DEBUG
ap_log_rerror(APLOG_MARK, LIPC_LOG(APLOG_NOERRNO|APLOG_DEBUG, 0), r, "mod_limitipconn: keepalive-limit reached. deactivating keepalive.");
#endif
r->connection->keepalive = -1;
}
/* hard limit reached */
if (cfg->limit > 0 && ip_req_count > cfg->limit)
{
ap_log_rerror(APLOG_MARK, LIPC_LOG(APLOG_NOERRNO|APLOG_ERR, 0), r, "Rejected, too many connections from address %s (limit: %d).",
address, cfg->limit);
apr_table_setn(r->subprocess_env, "LIMITIP", "1");
#ifdef DUMP
dump_scoreboard(r, "IP-Limit", matches);
#endif
return HTTP_SERVICE_UNAVAILABLE;
}
#if CREATE_OWN_SCOREBOARD
else if (cfg->limit_uid > 0 && uid_req_count > cfg->limit_uid)
{
ap_log_rerror(APLOG_MARK, LIPC_LOG(APLOG_NOERRNO|APLOG_ERR, 0), r, "Rejected, too many connections for uid %u (limit: %d)",
current_uid, cfg->limit_uid);
#ifdef DUMP
dump_scoreboard(r, "UID-Limit", matches);
#endif
return HTTP_SERVICE_UNAVAILABLE;
}
#endif
else if (cfg->limit_vhost > 0 && vhost_req_count > cfg->limit_vhost)
{
ap_log_rerror(APLOG_MARK, LIPC_LOG(APLOG_NOERRNO|APLOG_ERR, 0), r, "Rejected, too many connections for vhost %s (limit: %d)",
current_vhost, cfg->limit_vhost);
#ifdef DUMP
dump_scoreboard(r, "Vhost-Limit", matches);
#endif
return HTTP_SERVICE_UNAVAILABLE;
}
return OK;
}
/* Parse the MaxConnPerIP directive */
static const char *limit_config_cmd(cmd_parms *parms, void *mconfig, const char *arg1, const char *arg2)
{
limitipconn_config *cfg = (limitipconn_config *)ap_get_module_config(parms->server->module_config, &limitipconn_module);
long int limit, limit_ka;
limit = strtol(arg1, (char **)NULL, 10);
if (limit < 0 || limit > INT_MAX)
return "Integer overflow or invalid number";
if (arg2)
{
limit_ka = strtol(arg2, (char **)NULL, 10);
if (limit_ka < 0 || limit_ka > INT_MAX)
return "Integer overflow or invalid number";
if (limit > 0 && limit_ka > limit)
return "KeepAlive-limit has to be smaller than hard limit.";
cfg->limit_ka = limit_ka;
}
cfg->limit = limit;
return NULL;
}
#if CREATE_OWN_SCOREBOARD
/* Parse the IPLimit directive */
static const char *excl_limit_config_cmd(cmd_parms *parms, void *mconfig, const char *arg)
{
limitipconn_config *cfg = (limitipconn_config *)ap_get_module_config(parms->server->module_config, &limitipconn_module);
*(char **)apr_array_push(cfg->excl_limit) = apr_pstrdup(parms->pool, arg);
return NULL;
}
#endif
/* Parse the MaxConnPerVhost directive */
static const char *limit_vhost_config_cmd(cmd_parms *parms, void *mconfig, const char *arg1, const char *arg2)
{
limitipconn_config *cfg = (limitipconn_config *)ap_get_module_config(parms->server->module_config, &limitipconn_module);
long int limit, limit_ka;
limit = strtol(arg1, (char **)NULL, 10);
if (limit < 0 || limit > INT_MAX)
return "Integer overflow or invalid number";
if (arg2)
{
limit_ka = strtol(arg2, (char **)NULL, 10);
if (limit_ka < 0 || limit_ka > INT_MAX)
return "Integer overflow or invalid number";
if (limit > 0 && limit_ka > limit)
return "KeepAlive-limit has to be smaller than hard limit.";
cfg->limit_vhost_ka = limit_ka;
}
cfg->limit_vhost = limit;
return NULL;
}
#if CREATE_OWN_SCOREBOARD
/* Parse the MaxConnPerUid directive */
static const char *limit_uid_config_cmd(cmd_parms *parms, void *mconfig, const char *arg1, const char *arg2)
{
limitipconn_config *cfg = (limitipconn_config *)ap_get_module_config(parms->server->module_config, &limitipconn_module);
long int limit, limit_ka;
limit = strtol(arg1, (char **)NULL, 10);
if (limit < 0 || limit > INT_MAX)
return "Integer overflow or invalid number";
if (arg2)
{
limit_ka = strtol(arg2, (char **)NULL, 10);
if (limit_ka < 0 || limit_ka > INT_MAX)
return "Integer overflow or invalid number";
if (limit > 0 && limit_ka > limit)
return "KeepAlive-limit has to be smaller than hard limit.";
cfg->limit_uid_ka = limit_ka;
}
cfg->limit_uid = limit;
return NULL;
}
#endif
/* Parse the MaxLA1 directive */
static const char *limit_la1_config_cmd(cmd_parms *parms, void *mconfig, const char *arg)
{
limitipconn_config *cfg = (limitipconn_config *)ap_get_module_config(parms->server->module_config, &limitipconn_module);
double limit = strtod(arg, (char **)NULL);
if (limit < 0.0)
return "Invalid LA1 value";
cfg->limit_la1 = limit;
return NULL;
}
/* Parse the MaxLA5 directive */
static const char *limit_la5_config_cmd(cmd_parms *parms, void *mconfig, const char *arg)
{
limitipconn_config *cfg = (limitipconn_config *)ap_get_module_config(parms->server->module_config, &limitipconn_module);
double limit = strtod(arg, (char **)NULL);
if (limit < 0.0)
return "Invalid LA5 value";
cfg->limit_la5 = limit;
return NULL;
}
/* Parse the MaxLA15 directive */
static const char *limit_la15_config_cmd(cmd_parms *parms, void *mconfig, const char *arg)
{
limitipconn_config *cfg = (limitipconn_config *)ap_get_module_config(parms->server->module_config, &limitipconn_module);
double limit = strtod(arg, (char **)NULL);
if (limit < 0.0)
return "Invalid LA15 value";
cfg->limit_la15 = limit;
return NULL;
}
#ifdef DUMP
static const char *set_scoreboard_dump(cmd_parms *parms, void *mconfig, const char *arg)
{
const char *err = ap_check_cmd_context(parms, GLOBAL_ONLY);
if (err != NULL)
return err;
if (parms->server->is_virtual)
return "ScoreboardDump directive not allowed in <VirtualHost>";
ap_scdump_fname = arg;
return NULL;
}
#endif
static command_rec limitipconn_cmds[] = {
AP_INIT_TAKE12("MaxConnPerIP", limit_config_cmd, NULL, RSRC_CONF,
"maximum simultaneous connections per IP address. Second value is optional. If reached, KeepAlive will be turned off."),
#if CREATE_OWN_SCOREBOARD
AP_INIT_ITERATE("IPLimit", excl_limit_config_cmd, NULL, RSRC_CONF,
"restrict limit checking to these handlers/MIME types only."),
#endif
#if CREATE_OWN_SCOREBOARD
AP_INIT_TAKE12("MaxConnPerUid", limit_uid_config_cmd, NULL, RSRC_CONF,
"maximum simultaneous connections per user. Second value is optional. If reached, KeepAlive will be turned off."),
#endif
AP_INIT_TAKE12("MaxConnPerVhost", limit_vhost_config_cmd, NULL, RSRC_CONF,
"maximum simultaneous connections per virtual host. Second value is optional. If reached, KeepAlive will be turned off."),
AP_INIT_TAKE1("MaxLA1", limit_la1_config_cmd, NULL, RSRC_CONF,
"maximum Load Overage value for the past 1 minute."),
AP_INIT_TAKE1("MaxLA5", limit_la5_config_cmd, NULL, RSRC_CONF,
"maximum Load Overage value for the past 5 minutes."),
AP_INIT_TAKE1("MaxLA15", limit_la15_config_cmd, NULL, RSRC_CONF,
"maximum Load Overage value for the past 15 minutes."),
#ifdef DUMP
AP_INIT_TAKE1("ScoreboardDump", set_scoreboard_dump, NULL, RSRC_CONF,
"The filename of the scoreboard dumps. Will be appended by the process id."),
#endif
{ NULL },
};
#if CREATE_OWN_SCOREBOARD
static apr_status_t limit_detach_shm(void *data)
{
shmdt(data);
return APR_SUCCESS;
}
#endif
static int limitipconn_init(apr_pool_t *p, apr_pool_t *plog,
apr_pool_t *ptemp, server_rec *s)
{
void *data;
const char *userdata_key = "limitipconn_init";
/* initialize_module() will be called twice, and if it's a DSO
* then all static data from the first call will be lost. Only
* set up our static data on the second call. */
apr_pool_userdata_get(&data, userdata_key, s->process->pool);
if (!data)
{
apr_pool_userdata_set((const void *)1, userdata_key,
apr_pool_cleanup_null, s->process->pool);
return APR_SUCCESS;
}
ap_mpm_query(AP_MPMQ_HARD_LIMIT_THREADS, &thread_limit);
ap_mpm_query(AP_MPMQ_HARD_LIMIT_DAEMONS, &server_limit);
#if CREATE_OWN_SCOREBOARD
if ((limit_shmid = shmget(SHM_KEY, sizeof(limit_scoreboard) * server_limit * thread_limit, IPC_CREAT | SHM_R | SHM_W)) == -1)
{
ap_log_error(APLOG_MARK, LIPC_LOG(APLOG_EMERG, errno), s, "could not initialize shared memory");
exit(1);
}
ap_log_error(APLOG_MARK, LIPC_LOG(APLOG_NOERRNO|APLOG_NOTICE, 0), s, "mod_limitipconn: initialized shared memory.");
//if ((sb = (limit_scoreboard *) shmat(limit_shmid, NULL, 0)) == (limit_scoreboard *) -1)
if ((sb = (void *)shmat(limit_shmid, NULL, 0)) == (void *) -1)
ap_log_error(APLOG_MARK, LIPC_LOG(APLOG_EMERG, errno), s, "shmat error");
/* exit later after marking the segment to remove itself */
else
apr_pool_cleanup_register(p, (void *)sb, limit_detach_shm, apr_pool_cleanup_null);
/* Mark the segment for deletion once all attachments are detached */
if (shmctl(limit_shmid, IPC_RMID, NULL) == -1)
ap_log_error(APLOG_MARK, LIPC_LOG(APLOG_EMERG, errno), s, "Could not mark shared segment for deletion, you must manually clean it up");
/* exit if we didn't attach successfully */
if (sb == (void *) -1)
exit(1);
#endif
ap_log_error(APLOG_MARK, LIPC_LOG(APLOG_NOERRNO|APLOG_NOTICE, 0), s, MODULE_NAME " " MODULE_VERSION " started.");
return APR_SUCCESS;
}
static void register_hooks(apr_pool_t * p)
{
ap_hook_post_config(limitipconn_init, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_fixups(limitipconn_handler, NULL, NULL, APR_HOOK_MIDDLE);
}
module AP_MODULE_DECLARE_DATA limitipconn_module =
{
STANDARD20_MODULE_STUFF,
NULL, /* per-directory config creator */
NULL, /* dir config merger */
limitipconn_create_config, /* server config creator */
limitipconn_merge_config, /* server config merger */
limitipconn_cmds, /* command table */
register_hooks, /* set up other request processing hooks */
};