readme CSF file examples missing.

Post Reply
Sergio
Junior Member
Posts: 1712
Joined: 12 Dec 2006, 14:56

readme CSF file examples missing.

Post by Sergio »

Hi Jonathan,
just to let you know that examples on how to set connlimit are missing, from the readme.txt file:
The protection can only be applied to the TCP protocol.

Syntax for the CONNLIMIT setting:

PORTFLOOD is a comma separated list of:
port;limit

So, a setting of PORTFLOOD = "22;5,80;20" means:
Sergio
Frego
Junior Member
Posts: 8
Joined: 08 Jan 2010, 08:00

Re: readme CSF file examples missing.

Post by Frego »

I did this. No warnings from doing it.

CONNLIMIT = 80;20,110;5,143;5,443;5,465;5,587;5,993;5,995;5

PORTFLOOD = 80;tcp;20;5,110;tcp;20;5,143;tcp;20;5,443;tcp;20;5,465;tcp;20;5,587;tcp;20;5,993;tcp;20;5,995;tcp;20;5

CONNLIMIT_LOGGING = 1
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Re: readme CSF file examples missing.

Post by chirpy »

I'll fix the cut&paste mistake in the next release. It should of course read:
The protection can only be applied to the TCP protocol.

Syntax for the CONNLIMIT setting:

CONNLIMIT is a comma separated list of:
port;limit

So, a setting of CONNLIMIT = "22;5,80;20" means:
Sergio
Junior Member
Posts: 1712
Joined: 12 Dec 2006, 14:56

Re: readme CSF file examples missing.

Post by Sergio »

Thank you Jonathan.
tvcnet
Junior Member
Posts: 38
Joined: 30 Sep 2009, 00:01

Re: readme CSF file examples missing.

Post by tvcnet »

Hi,
So are there general recommendations for these two settings?

CONNLIMIT =
PORTFLOOD =

We have not used them in the past though are considering applying them on servers we've seen more aggressive connections recently.

Safe settings that generally work well in a shared server environment recommended by CSF staff?

Thanks,
Jim
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Re: readme CSF file examples missing.

Post by chirpy »

The settings values depend entirely on your user demographic and the type of attack you want to block. You will simply have t experiment with settings until you reduce the number of false-positives to an acceptable level. We would recommend using CONNLIMIT over PORTFLOOD where possible.
Post Reply