How to limit connection bandwidth in Apache

Large downloads can quietly turn a fast web server into a slow website. Capping transfer rates helps prevent a single client from saturating a shared uplink, keeps interactive pages responsive under load, and makes bandwidth usage a little less “surprise!” on shared hosting.

The Apache web server provides mod_ratelimit, which adds an output filter named RATE_LIMIT that throttles response bodies while they are streamed to the client. The target rate is set using the rate-limit environment variable, and an optional “full-speed burst” can be configured with rate-initial-burst.

Commands below assume the Ubuntu and Debian layout (/etc/apache2, a2enmod, and the apache2 systemd unit). The throttle is applied per HTTP response, so parallel downloads can multiply total bandwidth usage, and applying the filter at the wrong scope can slow an entire site.

Steps to limit connection bandwidth in Apache using mod_ratelimit:

Open a terminal with sudo privileges.
Enable the mod_ratelimit module.
```
$ sudo a2enmod ratelimit
Considering dependency env for ratelimit:
Module env already enabled
Enabling module ratelimit.
To activate the new configuration, you need to run:
  systemctl restart apache2
```
mod_ratelimit uses SetEnv from mod_env, and a2enmod enables the dependency automatically on Debian and Ubuntu.

a2enmod is available on Debian, Ubuntu, and openSUSE or SLES. Fedora, CentOS, and RHEL typically enable mod_ratelimit by ensuring a LoadModule ratelimit_module .../mod_ratelimit.so line is present in the module configuration (commonly under /etc/httpd/conf.modules.d) before restarting the httpd service.

Related: How to enable or disable Apache modules
Open the target Apache virtual host configuration file in a text editor.
```
$ sudo vi /etc/apache2/sites-available/000-default.conf
```
On Debian and Ubuntu, TLS virtual hosts are commonly configured under /etc/apache2/sites-available as well (for example, /etc/apache2/sites-available/default-ssl.conf).
Add the RATE_LIMIT output filter with its throttle variables to the desired context.
```
<VirtualHost *:80>
        SetOutputFilter RATE_LIMIT
        SetEnv rate-limit 512
        SetEnv rate-initial-burst 1024
</VirtualHost>
```
rate-limit is in KiB/s and rate-initial-burst is in KiB, so the example limits transfers to about 512 KiB/s after an initial ~1 MiB burst. Remove the rate-initial-burst line to throttle from the first byte.

Placing the filter at VirtualHost scope throttles every response for that site, including HTML, CSS, and images. Use a Location or Directory block to target only large download paths when selective throttling is required.

Related: Location for Apache VirtualHost configuration
Documentation: Official documentation for mod_ratelimit
Save the configuration file.
Test the Apache configuration for syntax errors.
```
$ sudo apache2ctl configtest
Syntax OK
```
Related: How to test your Apache configuration
Restart the apache2 service to apply the changes.
```
$ sudo systemctl restart apache2
```
On Fedora, CentOS, and RHEL, the service name is typically httpd.

Related: How to manage the Apache web server service

Check the service status for startup errors.

$ sudo systemctl status apache2 --no-pager -l
● apache2.service - The Apache HTTP Server
     Loaded: loaded (/usr/lib/systemd/system/apache2.service; enabled; preset: enabled)
     Active: active (running) since Sat 2026-01-10 13:43:38 +08; 8ms ago
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 8244 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
   Main PID: 8247 (apache2)
      Tasks: 55 (limit: 4546)
     Memory: 5.1M (peak: 5.6M)
        CPU: 12ms
     CGroup: /system.slice/apache2.service
             ├─8247 /usr/sbin/apache2 -k start
             ├─8249 /usr/sbin/apache2 -k start
             └─8250 /usr/sbin/apache2 -k start

Jan 10 13:43:38 host systemd[1]: Starting apache2.service - The Apache HTTP Server...
Jan 10 13:43:38 host systemd[1]: Started apache2.service - The Apache HTTP Server.
##### snipped #####

Verify the ratelimit_module is loaded after the restart.

$ sudo apache2ctl -M | grep ratelimit
 ratelimit_module (shared)

Download a large file from the rate-limited site to confirm the transfer rate.

$ curl --output /tmp/large.bin -H 'Host: host.example.net' http://127.0.0.1/large.bin
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 5120k  100 5120k    0     0   623k      0  0:00:08  0:00:08 --:--:--  478k

Use a large file and run the download from a separate host to observe the sustained limit after the burst.

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.