We are being hit hard by a botnet and hundreds of IPs are pouring in, making many requests. In order to mitigate the attack we set
CONNLIMIT = 80;200
and
PORTFLOOD = "80;tcp;200;5"
The original was to set those at 80/20, but the SoftLayer admin says that we should count how many links (a href) we have on the pages.
On each page we have no more than 15 images loading, but we do have plenty of internal links to download sections, forums etc., so the actual link (a href) count is 180 per page.
What should we set those 2 params at to lower the server load?
CONNLIMIT and PORTFLOOD correct settings
Re: CONNLIMIT and PORTFLOOD correct settings
Please note for PORTFLOOD, you need to keep the hit count to below 20.
It only counts 20 packets per address remembered.
If you are under DDoS attack:
PORTFLOOD = 80;tcp;20;3
If you are not:
PORTFLOOD = 80;tcp;20;5
I would recommend enabling CT_LIMIT to:
CT_LIMIT = 100
And CT_INTERVAL
CT_INTERVAL = 20
And do not forget CT_PORTS, so it only counts for Apache
CT_PORTS = 80,443
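
Added example (not part of the original posts, and not csf's own code): a small Python check that parses csf.conf-style lines and flags the points raised in the reply above, namely a PORTFLOOD hit count above 20 and CT_LIMIT set without CT_PORTS. The function names and the reading of 20 as the highest usable hit count (as in the reply's own examples) are assumptions of this example; the two sample configurations are the values quoted in the thread.

```python
import re

RECENT_MAX_HITS = 20  # from the reply: only 20 packets per address are remembered

# Settings quoted in the question and in the reply of this thread.
QUESTION_CONF = 'CONNLIMIT = 80;200\nPORTFLOOD = "80;tcp;200;5"\n'
REPLY_CONF = ('PORTFLOOD = 80;tcp;20;3\nCT_LIMIT = 100\n'
              'CT_INTERVAL = 20\nCT_PORTS = 80,443\n')

def parse_conf(text):
    """Return {NAME: value} from lines of the form NAME = "value" or NAME = value."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r'^([A-Z0-9_]+)\s*=\s*"?([^"]*)"?$', line)
        if m:
            conf[m.group(1)] = m.group(2).strip()
    return conf

def check(conf):
    """Return a list of findings for the PORTFLOOD, CONNLIMIT and CT_* settings."""
    findings = []
    # PORTFLOOD entries: port;protocol;hit count;interval seconds, comma separated
    for entry in filter(None, conf.get("PORTFLOOD", "").split(",")):
        parts = entry.split(";")
        if len(parts) != 4 or not all(parts[i].isdigit() for i in (0, 2, 3)):
            findings.append(f"PORTFLOOD '{entry}': expected port;protocol;hits;seconds")
        elif int(parts[2]) > RECENT_MAX_HITS:
            findings.append(f"PORTFLOOD port {parts[0]}: hit count {parts[2]} is above "
                            f"the {RECENT_MAX_HITS} packets remembered per address")
    # CONNLIMIT entries: port;limit, comma separated
    for entry in filter(None, conf.get("CONNLIMIT", "").split(",")):
        parts = entry.split(";")
        if len(parts) != 2 or not all(p.isdigit() for p in parts):
            findings.append(f"CONNLIMIT '{entry}': expected port;limit")
    # Connection tracking should be scoped to the web ports, as the reply advises.
    ct_limit = conf.get("CT_LIMIT", "0")
    if ct_limit.isdigit() and int(ct_limit) > 0 and not conf.get("CT_PORTS"):
        findings.append("CT_LIMIT is set but CT_PORTS is empty: "
                        "tracking is not limited to the web ports")
    return findings

if __name__ == "__main__":
    for name, text in (("question", QUESTION_CONF), ("reply", REPLY_CONF)):
        print(name, check(parse_conf(text)) or "no findings")
```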