CONNLIMIT and PORTFLOOD correct settings

Posted: 01 Aug 2013, 01:28
by bennieblanco
We are being hit hard by a botnet and hundreds of IPs are pouring in making many requests. In order to mitigate the attack we set

CONNLIMIT = 80;200

and
PORTFLOOD = "80;tcp;200;5"

The original was to set those at 80/20, but the SoftLayer admin says that we should count how many links (a href) we have on the pages.

On each page we have no more than 15 images loading, but we do have plenty of internal links to download sections, forums etc., so the actual link (a href) count is 180 per page.

What should we set those 2 params at to lower the server load?

Re: CONNLIMIT and PORTFLOOD correct settings

Posted: 01 Aug 2013, 14:02
by lukapaunovic
Please note for PORTFLOOD, you need to keep the hit count to below 20.
It only counts 20 packets per address remembered.

If you are under DDoS attack:

PORTFLOOD = 80;tcp;20;3

If you are not:

PORTFLOOD = 80;tcp;20;5

I would recommend enabling CT_LIMIT to:

CT_LIMIT = 100

And CT_INTERVAL:

CT_INTERVAL = 20

And do not forget CT_PORTS, so it only counts for Apache:

CT_PORTS = 80,443
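
As an added example (not part of either post and not ConfigServer's own code), the Python below checks csf.conf-style CONNLIMIT and PORTFLOOD values against the 20-hit ceiling given in the reply, and counts established connections per peer in `ss -tn` output to show which addresses a given CONNLIMIT would cap. The function names, sample configuration and `ss` rows are constructed for illustration; the entry layouts assumed are port;limit and port;protocol;hits;seconds.

```python
import re
from collections import Counter

PORTFLOOD_MAX_HITS = 20  # ceiling given in the reply above

def parse_conf(text):
    """Read NAME = value lines (quoted or not) into a dict."""
    pairs = re.findall(r'^[ \t]*([A-Z_]+)[ \t]*=[ \t]*"?([^"#\n]*)"?', text, re.M)
    return {name: value.strip() for name, value in pairs}

def entries(conf, key, fields):
    """Yield (raw, parts) per comma-separated entry; parts is None if malformed."""
    for raw in filter(None, conf.get(key, "").split(",")):
        parts = raw.split(";")
        # Every field is numeric except PORTFLOOD's protocol (index 1).
        numeric = [p for i, p in enumerate(parts) if not (key == "PORTFLOOD" and i == 1)]
        ok = len(parts) == fields and all(p.isdigit() for p in numeric)
        yield raw, (parts if ok else None)

def check(conf):
    """Return warnings for malformed entries and PORTFLOOD hit counts above 20."""
    warnings = []
    for raw, parts in entries(conf, "PORTFLOOD", 4):
        if parts is None:
            warnings.append(f"PORTFLOOD {raw}: expected port;protocol;hits;seconds")
        elif int(parts[2]) > PORTFLOOD_MAX_HITS:
            warnings.append(f"PORTFLOOD {raw}: hit count {parts[2]} is above {PORTFLOOD_MAX_HITS}")
    for raw, parts in entries(conf, "CONNLIMIT", 2):
        if parts is None:
            warnings.append(f"CONNLIMIT {raw}: expected port;limit")
    return warnings

def over_connlimit(conf, ss_lines):
    """Map peer IP -> open connection count for peers above their port's CONNLIMIT."""
    limits = {p[0]: int(p[1]) for _, p in entries(conf, "CONNLIMIT", 2) if p}
    counts = Counter()
    for line in ss_lines:
        cols = line.split()
        if len(cols) < 5 or cols[0] != "ESTAB":
            continue
        port = cols[3].rsplit(":", 1)[1]   # local port
        peer = cols[4].rsplit(":", 1)[0]   # remote address without its port
        if port in limits:
            counts[(peer, port)] += 1
    return {peer: n for (peer, port), n in counts.items() if n > limits[port]}

SAMPLE_CONF = 'CONNLIMIT = 80;200\nPORTFLOOD = "80;tcp;200;5"\n'  # constructed from the first post
SAMPLE_SS = [f"ESTAB 0 0 192.0.2.10:80 198.51.100.7:{40000 + i}" for i in range(201)]  # constructed
SAMPLE_SS += [f"ESTAB 0 0 192.0.2.10:80 203.0.113.9:{50000 + i}" for i in range(15)]
print(check(parse_conf(SAMPLE_CONF)), over_connlimit(parse_conf(SAMPLE_CONF), SAMPLE_SS))
```

On a live host the second argument would be the lines of `ss -tn` output rather than the constructed list.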