|  | Additional Information | ||||||||||||
| This page gives you additional information on certain aspects of mod_qos to get a better understanding about how to use the module. 
 
 DirectivesThe module is configured by directives. All directives process the connection, HTTP request, and response data in a pre-defined sequence. The following graph shows the order in which the directives work. Rulesmod_qos allows you to configure different kind of rules. The main component of a rule is its counter. A rule measures either the concurrency (how many times something happens at the same time), the occurrence (how often does something happen in a certain amount of time), or the throughput (sent amount of data or number of request) and stores this information within that counter. Every rule has it's own threshold and maintains its own counter. A rule is identified by either an URL pattern/matching string or by an environment variable name. You can configure as many rules as you want.   
Note: Some counters are only available once. This applies to the counters of
the rules using the
 Environment Variables
The Apache web server provides a mechanism for storing information 
in so called environment variables. mod_qos uses these 
variables to exchange data respectively signalize events between 
different rules defined by the 
corresponding directive. These 
variables can also be written or read by other Apache modules, such as
mod_setenvifplus  Example: It is also possible to write the values of these variables to your log
file using the format string  Concurrency CounterA "concurrency counter" is used to determine how many times something happens at the same time, e.g. HTTP requests accessing the same resource/URL at the same time. The rules using this counter type are either defined by an environment variable name or an URL pattern (regular expression or a string matching the request's URL). Such a rule automatically increments the counter when the Apache web server starts to process a matching request and decrements the counter when the request processing is completed. You have to configure a threshold and the rule's variable name resp. URL pattern. Requests (or new connections) are denied as soon as the configured threshold is reached. Directives using this counter type are: 
 QS_SrvMaxConn,QS_SrvMaxConnClose, andQS_SrvMaxConnPerIPdirectives use this counter type, although with fewer parameter options.Sample Use CaseNow let us look at an example to show where these rules can be used. Let's assume that you have two applications. We call them "A" and "B". Application "A" has been deployed on path/app/aand "B" 
on/app/b.
 Such a scenario can occur due to various infrastructure problems, e.g., by slow database queries. A similar situation can also arise through an external influence: if someone penetrates application "B" with a HTTP GET / POST flood DoS attack, then application "A" could also become unreachable. A QS_LocRequestLimitrule can prevent this.Repeat Counter"Repeat counters" limit the number how often (Cr) something is allowed to happen in a certain amount of time (Td). These rules trigger a timer whenever the defined event occurs the first time and start to count every subsequent event until the timer expires. If the event counter reaches the defined limitation, requests are blocked until the time is up. 
     All repeat counters allow you to define an event which shall increment the counter if they occur. You also have to configure a duration Td and the threshold Cr, defining how many events are allowed within the time Td. Directive parameter example: While the counter is automatically cleared (set to 0) when the time Td is up, you might also configure additional events to decrement or clear the counter earlier. The directives using this counter type are: 
 Throughput ControlThroughput control is implemented by measuring the current usage and calculating a necessary delay which needs to be applied to the data processing in order to achieve the desired limitation (closed loop control system). 
     mod_qos can limit the bandwidth when downloading data from your web server to the client. This throughput control can be configured by the following directives: Requests per Second
It is also possible to limit the number or requests per second to a 
resource. This control function is less accurate than the bandwidth 
limitation, since the measurement of the request rate takes longer 
(several seconds) and the request delay is more coarse-grained. Serializationmod_qos offers you the option to serialize requests. Serialization means, that requests are processed one after the other. Incomming requests are queued if another request is in process and have to wait until the previous request is finished. 
     Requests, which shall be serialized, are tagged by one of the following environment variables: Serialization might be applied on a per server level (serializing all HTTP requests) or on a per client level (serializing multiple requests comming from the same client/IP address). Error Pages and Server Side Includes (SSI)
Custom error documents to be used by mod_qos 
are either configured using the 
 
 
 
 
 User Tracking
It might be necessary to identify individual users to define appropriate QoS
rules. For this reason, mod_qos can set a cookie
containing a unique identifier. This identifier is then written to the
 This feature is enabled by the following directive: 
 QS_UserTrackingCookieNamedirective. 
This parameter defines an error document and mod_qos 
answers the request with a redirect (302) to this document when setting 
the cookie initially. The browser will follow the redirect and mod_qos 
redirects the browser back to the initially requested page if the request 
to this error document contains the tracking cookie. If the browser did not 
send the cookie, the error document is shown.   
Note: You can exclude certain clients from this enforcement by 
setting the  
 
 
 |