Whitelist own IP for QS_ClientEventLimitCount

Quality of service module for Apache httpd

Brought to you by: pbuchbinder

Whitelist own IP for QS_ClientEventLimitCount

Forum: Open Discussion

Creator: Andreas K.

Created: 2021-02-16

Updated: 2021-02-21

Andreas K. - 2021-02-16

Dear Pascal,

Thank you for this great Apache module! We all appreciate your hard work and time you are putting into mod_qos! Keep up the good work!

I have been trying to exclude my own IP address from mod_qos for some time now, without any luck.

Here is one of the rules that also triggers from my own IP which I wish to exclude (not being logged in as a VIP user) :

QS_ClientEventLimitCount 100 86400 CounterHits_images SetEnvIfPlus Request_URI ^/img/.*\.(jpg)|(jpeg)|(gif)|(png)$ CounterHits_images=1

I have in my config file now:

SetEnvIf Remote_Addr xxx.xxx.xxx.xxx QS_VipRequest=yes
...
QS_SrvMaxConnExcludeIP xxx.xxx.xxx.xxx
...
SetEnvIf Remote_Addr xxx.xxx.xxx.xxx IgnoreIP=yes
...
QS_ClientEventBlockExcludeIP xxx.xxx.xxx.xxx

In that order.

None of the 4 exclude rules work to exclude my IP from triggering my event(s).

What am I doing wrong? This is a virtual host running under Apache 2.

Thanks!
Andreas

P.S. Restructuring and clean-up of documentation would be nice.

Last edit: Andreas K. 2021-02-16
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Pascal Buchbinder - 2021-02-16

The most obvious solution seems to me to unset/clear the variable for your IP address:

SetEnvIfPlus Request_URI ^/img/.*\.(jpg)|(jpeg)|(gif)|(png)$ CounterHits_images=1 SetEnvIfPlus Remote_Addr xxx.xxx.xxx.xxx !CounterHits_images

Note: The order in the file is important as these directives are processed one after the other.

In general: always check the sequence in which the directives of mod_qos (but also the other modules) are processed.
http://mod-qos.sourceforge.net/glossary.html#directives provides this information.

Last edit: Pascal Buchbinder 2021-02-16
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Andreas K. - 2021-02-17

That seems to work perfectly! Thank you!

Will there be an option in the future where we would be able to exclude/skip ALL RULES in the config file based on a whitelisted IP or IP ranges? I think this would be very useful, especially for larger organizations, i.e. with a development department. This is probably also what people on here have been asking for previously.

The other problem I ran into (related to that) was Google crawling heavily, but I still would like to allow their IP address ranges so they can crawl without being restricted. We need to be able to exclude certain IP address ranges in my opinion, without unsetting variables for every single rule seperately (rulesets can grow very large on complex websites). A single line on the very top of the config file to skip the rest below (something like "WhitelistIP 123.123.123.0/24") would be the most useful and obvious way. Just a suggestion for this desperately needed feature.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Pascal Buchbinder - 2021-02-21

The privileged users feature is intended to disable rules for some users / addresses. It's not automatically applied to all types of directives (see list) but you can also use the QS_VipRequest and QS_IsVipRequest variables to disable rules for the same clients.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.