[StepByStep] Limiting download speed and number of connections per IP with mod_choke


Mar 31, 2006
Just solved this task and want to share with you :)

- Apache 1.3.x.
- apxs utility installed (usually at /usr/local/apache/bin/apxs)

Step 1. Downloading and installing mod_choke
- SSH to your server
- cd /usr/local
- mkdir mod_choke
- cd mod_choke
- wget http://os.cyberheatinc.com/mod_choke/mod_choke-0.07.tar.gz
- tar -zxvf mod_choke-0.07.tar.gz
- cd mod_choke-0.07
- Edit file named Makefile with your favourite editor (edit, vi, nano, whatever. I am using mc for that). Locate the like APXS=apxs at the beginning of this file. Replace apxs with the full path to your apxs. On my machine (CentOS) it is /usr/local/apache/bin/apxs. So at that line you should have something like this:

- Save file and exit
- make
- make install
Your mod_choke is now compiled.

Step 2. Configuring mod_choke
- Open your httpd.conf with your favourite editor. Ensure LoadModule choke_module directive is there.
- Scroll to the very end of your file. Add the following line to the end of the file:
You can place mod_conf at any directory on your server, but I prefer following CPanel/WHM conventions.
- Save httpd.conf and exit.
- Open mod_choke.conf.
- Now look to README file that comes with mod_choke. It is very easy to understand. Just remember, that mod_choke.conf is a regular Apache configuration file. Nothing more.
- Save your mod_choke.conf.

Step 3. Securing mod_choke
Remember <Location /choke-status> line in the example? If you now will restart apache now and open URL www.yourservername.com/choke-status you will indeed see choke status, that is now available for everyone! And it is not something we desire, right? Let's password protect this.
- Go to your CPanel -> Password Protect Directories. Protect ANY directory on your server with password. If you already have directories protected with login/pass you want to protect choke status, just proceed to next step.
- Open your mod_choke.conf and make the Location tag looks like this:

<Location /choke-status>
    SetHandler choke-status
    AuthType Basic
    AuthName "WHAT DO YOU NEED HERE???"
    AuthUserFile "/home/support/.htpasswds/public_html/admin/passwd"
    require valid-user 
Replace public_html/admin with the full path to directory you protected with password relative to your homedir. You can also make required password file yourself if you know how to ;)

Step 4. Making httpd.conf changes permanent
Sometimes after rebuilding apache or upgrading CPanel changes to httpd.conf are gone (it happens with EasyApache 3 which comes with latest WHM/Cpanel 11). To make them permanent you can issue command
/usr/local/cpanel/bin/apache_conf_distiller --update --main
This will make changes you made permanent. However, it is easy to reapply them manually. You can just repeat
make install at mod_choke source directory (see above) and add that Include line to httpd.conf

Step 5. Applying all
Ok. Now we did all we wanted to. Let's now enable all settings.
- service httpd restart

Apache will restart. Now you can navigate to www.yourservername.com/choke-status to ensure your mod_choke is really working.

The all above was tested on CentOS 4.4 and 4.6 server with latest WHM 11.15.0 cPanel 11.17.0-S19434 installed. It was also working on WHM/CPanel 10. I upgraded just serveral days ago.

Have a good greedy-user hunt!
Last edited: