Limit IP Connections Per Second via CSF Settings
Posted: 11 May 2011, 18:46
Hi,
I was wondering if you could add some options to limit connections per IP per second to the CSF config screen.
Maybe even take a look at mod_limitipconn, which doesn't really work. Currently it is not possible to configure CSF to block simultaneous requests to a single site e.g. google.com/site.html. Yes, I can use Connection track and enter port 80, but that's not very helpful and can be bypassed easily.
For example, I recently added
iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 20 -j DROP
Image: http://i55.tinypic.com/x2jgxy.jpg
Now, I really don't know if this will even work, because people still make too many connections per second, so it would be great if you could add some configuration to make this easier for us.
Thanks and keep up the good work,
Oliver
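What the two quoted rules count can be checked offline. This is an added example, not part of the original post and not CSF code: a simplified Python model of the `recent` match, in which the `--update` rule is evaluated before the `--set` rule (the order two `-I` inserts produce). Assumptions: 20 remembered timestamps per address (taken here as the module default) and constructed connection times from documentation-range addresses.

```python
from collections import defaultdict, deque

PKT_LIST_TOT = 20  # assumed xt_recent default: timestamps remembered per address


def simulate(events, seconds=60, hitcount=20):
    """Model the post's rule pair for NEW connections to port 80.

    events: (time_in_seconds, source_ip) tuples. Returns (time, ip, verdict)
    tuples, verdict being "DROP" (the --update rule matched) or "PASS".
    """
    table = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))
    verdicts = []
    for now, ip in sorted(events):
        stamps = table[ip]
        # --update --seconds N --hitcount M: count remembered hits in the last N s
        hits = sum(1 for t in stamps if now - t <= seconds)
        verdict = "DROP" if hits >= hitcount else "PASS"
        # A matching --update refreshes the entry; otherwise the packet reaches
        # the --set rule. Either way this attempt is recorded.
        stamps.append(now)
        verdicts.append((now, ip, verdict))
    return verdicts


def dropped(verdicts, ip):
    """Number of connection attempts from ip that the model dropped."""
    return sum(1 for _, src, v in verdicts if src == ip and v == "DROP")


# Constructed sample traffic (documentation-range addresses, not real logs).
STEADY = [(t, "198.51.100.7") for t in range(25)] + [(90, "198.51.100.7")]
BURST = [(10 + i * 0.05, "203.0.113.9") for i in range(15)]

if __name__ == "__main__":
    v = simulate(STEADY + BURST)
    print("60s/20 rule, steady client drops:", dropped(v, "198.51.100.7"))
    print("60s/20 rule, 15-in-1s burst drops:", dropped(v, "203.0.113.9"))
    v = simulate(BURST, seconds=1, hitcount=5)
    print("1s/5 rule, 15-in-1s burst drops:", dropped(v, "203.0.113.9"))
```

The model counts new connections per source address over the window, so it says nothing about simultaneous connections or about requests sent over one kept-alive connection.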