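# Apache configuration for /api endpoint with authentication and rate limiting
#
# Required modules (enable them in your Apache installation):
#   mod_authn_file, mod_authz_user, mod_auth_basic, mod_security2, mod_unique_id
# mod_unique_id is not optional: mod_security2 refuses to start without it.
#
# Persistent collections (initcol below) need SecDataDir configured at server
# level (it is not valid inside <Location>), pointing at a directory writable by
# the Apache worker user; without it the per-user counter is never stored.
#
# Basic authentication only base64-encodes the credentials. Serve this location
# over HTTPS only (mod_ssl with SSLRequireSSL, or an HTTP->HTTPS redirect);
# over plain HTTP every request leaks the password.

<Location "/api">
    AuthType Basic
    AuthName "Restricted API Access"
    AuthBasicProvider file
    # Use an absolute path outside DocumentRoot so the password file can never
    # be served; a bare relative name resolves against ServerRoot. Adjust the
    # path to your layout.
    AuthUserFile "/etc/apache2/api.htpasswd"
    Require valid-user

    # Rate limiting: at most 100 requests per authenticated user per hour.
    SecRuleEngine On
    SecRequestBodyAccess Off

    # All rules run in phase 2. Apache's authentication hooks run after
    # ModSecurity phase 1 (post_read_request) and before phase 2, so in
    # phase 1 REMOTE_USER is still empty and the limit would not be tied to
    # any user. In phase 2 an unauthenticated request has already been
    # rejected with 401 and does not consume anyone's budget.

    # Collection keyed by username only: the limit is per user, not per
    # source address, so a user cannot get a fresh budget by changing IPs.
    SecAction \
        "id:9000001,\
        phase:2,\
        nolog,\
        pass,\
        initcol:USER=%{REMOTE_USER}"

    # Count this request.
    SecAction \
        "id:9000002,\
        phase:2,\
        nolog,\
        pass,\
        setvar:USER.api_counter=+1"

    # Start the one-hour window only when the counter is created. Refreshing
    # expirevar on every request would turn this into "reset after an hour of
    # inactivity", and a busy user who hit the limit would stay blocked
    # indefinitely.
    SecRule USER:api_counter "@eq 1" \
        "id:9000004,\
        phase:2,\
        nolog,\
        pass,\
        expirevar:USER.api_counter=3600"

    # Deny the 101st and later requests in the window with 429
    # (the counter is incremented before this rule runs, so @gt 100 allows
    # exactly 100 requests).
    SecRule USER:api_counter "@gt 100" \
        "id:9000003,\
        phase:2,\
        deny,\
        status:429,\
        log,\
        msg:'API rate limit exceeded for user %{REMOTE_USER}'"

    # Optional: custom error message for 429
    ErrorDocument 429 "429 Too Many Requests - API rate limit exceeded. Please try again later."
</Location>

# Global error log format (set this outside of <Location>)
ErrorLogFormat "[%t] [%l] [api-auth] [client %a] %M"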