########################################################################
# Security - Apache Quality of Service (QoS) module (throttling).      #
#                                                                      #
# Depends on Apache modules: qos, ssl, setenvif                        #
########################################################################

### Maximum number of active TCP connections.
## Needs to be calculated: http://grimore.org/fuss/apache#calculate_the_optimal_maximum_number_of_concurrent_connections
MaxClients 25

### Idle timeout:
Timeout 15

### KeepAlive
KeepAlive on
MaxKeepAliveRequests 25
KeepAliveTimeout 5
## Percentage of MaxClients connections for which HTTP keep-alive is supported.
QS_SrvMaxConnClose 70%

### Deny slow clients blocking the server.
## QS_SrvMinDataRate min (bytes) max (bytes)
QS_SrvMinDataRate 128 1200

### Limit request line, header and body.
LimitRequestLine 7168
LimitRequestFields 30
QS_LimitRequestBody 102400

### Number of allowed connections per IP address
## Get the IP address from the X-Forwarded-For header
## (enable only when a trusted reverse proxy sets it; clients can forge this header).
# QS_ClientIpFromHeader X-Forwarded-For
QS_SrvMaxConnPerIP 16

### Whitelist IP addresses and address ranges.
## Mark loopback and private subnets as exempt from throttling.
SetEnvIfExpr "-R '127.0.0.0/8' || -R '10.0.0.0/8' || -R '172.16.0.0/12' || -R '192.168.0.0/16'" IgnoreIP=yes
SetEnvIfExpr "-R '127.0.0.0/8' || -R '10.0.0.0/8' || -R '172.16.0.0/12' || -R '192.168.0.0/16'" QS_VipRequest=yes
## Unset the QS_Block variable for whitelisted IP addresses.
QS_SetEnvIf IgnoreIP QS_Block !QS_Block

### Enable or disable the qos-viewer and qos-console handlers (on = disabled).
QS_DisableHandler on
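
The connection limits above interact, so it helps to derive the effective budget before deploying them. The following sanity check is an added example, not part of the original configuration or of mod_qos; the function names, the 50% warning threshold and the rounding of the percentage (floor) are assumptions, and the whitelisted ranges are not modelled.

```python
# Sample input: the connection-related directives from the configuration above.
SAMPLE_CONF = """
### Maximum number of active TCP connections.
MaxClients 25
KeepAlive on
QS_SrvMaxConnClose 70%
QS_SrvMinDataRate 128 1200
QS_SrvMaxConnPerIP 16
"""

def parse_directives(text):
    """Return {directive: [args]} for every non-comment, non-empty line."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, *args = line.split()
        conf[name] = args
    return conf

def audit(text):
    """Derive the effective connection budget and collect findings."""
    conf = parse_directives(text)
    max_clients = int(conf["MaxClients"][0])
    per_ip = int(conf["QS_SrvMaxConnPerIP"][0])
    close = conf["QS_SrvMaxConnClose"][0]
    # A trailing % means "percent of MaxClients"; flooring is an assumption.
    if close.endswith("%"):
        ka_limit = max_clients * int(close[:-1]) // 100
    else:
        ka_limit = int(close)
    rate_min, rate_max = (int(v) for v in conf["QS_SrvMinDataRate"][:2])
    findings = []
    if per_ip * 2 > max_clients:
        findings.append("one address may hold more than half of all slots")
    if per_ip >= ka_limit:
        findings.append("one address alone can switch keep-alive off")
    if rate_min > rate_max:
        findings.append("QS_SrvMinDataRate: min exceeds max")
    return {
        "keepalive_limit": ka_limit,             # connections still served with keep-alive
        "per_ip_share": per_ip / max_clients,    # fraction of slots one address may use
        "addresses_at_limit_to_fill": -(-max_clients // per_ip),  # ceiling division
        "findings": findings,
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONF).items():
        print(f"{key}: {value}")
```

With the values above, the per-IP limit of 16 is 64% of `MaxClients`, which the check reports; lowering `QS_SrvMaxConnPerIP` or raising `MaxClients` clears the finding.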