Page 1 of 1
readme CSF file examples missing.
Posted: 18 May 2011, 17:22
by Sergio
Hi Jonathan,
just to let you know that examples on how to set connlimit are missing, from the readme.txt file:
The protection can only be applied to the TCP protocol.
Syntax for the CONNLIMIT setting:
PORTFLOOD is a comma separated list of:
port;limit
So, a setting of PORTFLOOD = "22;5,80;20" means:
Sergio
Re: readme CSF file examples missing.
Posted: 19 May 2011, 21:20
by Frego
I did this. No warnings from doing it.
CONNLIMIT = 80;20,110;5,143;5,443;5,465;5,587;5,993;5,995;5
PORTFLOOD = 80;tcp;20;5,110;tcp;20;5,143;tcp;20;5,443;tcp;20;5,465;tcp;20;5,587;tcp;20;5,993;tcp;20;5,995;tcp;20;5
CONNLIMIT_LOGGING = 1
Re: readme CSF file examples missing.
Posted: 23 May 2011, 11:22
by chirpy
I'll fix the cut&paste mistake in the next release. It should of course read:
The protection can only be applied to the TCP protocol.
Syntax for the CONNLIMIT setting:
CONNLIMIT is a comma separated list of:
port;limit
So, a setting of CONNLIMIT = "22;5,80;20" means:
Re: readme CSF file examples missing.
Posted: 23 May 2011, 17:21
by Sergio
Thank you Jonathan.
Re: readme CSF file examples missing.
Posted: 23 Aug 2011, 01:45
by tvcnet
Hi,
So are there general recommendations for these two settings?
CONNLIMIT =
PORTFLOOD =
We have not used them in the past though are considering applying them on servers we've seen more aggressive connections recently.
Safe settings that generally work well in a shared server environment recommended by CSF staff?
Thanks,
Jim
Re: readme CSF file examples missing.
Posted: 29 Aug 2011, 10:46
by chirpy
The settings values depend entirely on your user demographic and the type of attack you want to block. You will simply have t experiment with settings until you reduce the number of false-positives to an acceptable level. We would recommend using CONNLIMIT over PORTFLOOD where possible.