You can do that on netfilter using iptables, but I suggest caution.
You see, there are many organizations that use NAT or MASQUERADING,
so to netfilter it will look like you are getting flooded.
What you actually need is to identify somehow that some specific client
opened the connection and limit it to, let's say, 5 connections.

On Tuesday 10 October 2006 12:23, Sagi Bashari wrote:
> Hi List,
>
> We've recently had trouble with some misbehaved web clients that opened
> dozens of HTTP connections to our web server, causing it to reach the total
> connection limit and just hang until they time out or until the server is
> restarted.
>
> We're sure that this is not an intentional DoS attack and these clients
> will probably be fixed, but I would like to prevent the possibility of such
> attacks in the future, intentional or otherwise.
>
> I managed to replicate such an attack against our server by running a trivial
> script on my workstation:
> for i in `seq 100`; do (nc HOST 80 &); done
>
> Our servers are running Apache/2.0.54 on Debian Sarge.
>
> There are many Apache modules that aim to solve such problems. I've tested
> a few, and they all seem to not prevent it completely. These modules wait
> until the client sends a complete request and only then check if it should
> be blocked, serving Apache error page. They don't take any action if the
> client just opens a TCP connection and leaves it hanging, for example.
>
> I'm looking for a way to prevent such an attack at a higher level, before it
> even reaches Apache. I found an iptables module named connlimit/iplimit
> that is supposed to do just that, but it seems the official kernels do not
> support it and there's a serious lack of information about it.
>
> I guess I'm not the only one who has experienced such problems and there must
> be better-known solutions.
>
> Please advise,
> Sagi

-- 
Regards,
        Tzahi.
--
Tzahi Fadida
Blog: http://tzahi.blogsite.org | Home Site: http://tzahi.webhop.info
WARNING TO SPAMMERS:  see at 
http://members.lycos.co.uk/my2nis/spamwarning.html
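An added illustration, not code from this thread or from netfilter: a small model of how a per-source connection cap (the iptables connlimit match the thread mentions) counts clients, used to show the NAT caveat Tzahi raises. The sample addresses, the server address and the limit of 5 are constructed assumptions.

```python
# Added example (not from the thread, not netfilter's own code): models how a
# per-source connection cap such as `iptables -m connlimit` decides whether a
# new TCP SYN is over the limit, and why a NAT gateway trips it.
# Assumed real-world rule this models (connlimit match syntax):
#   iptables -A INPUT -p tcp --syn --dport 80 \
#       -m connlimit --connlimit-above 5 --connlimit-mask 32 \
#       -j REJECT --reject-with tcp-reset
# connlimit counts open connections whose source falls in the same /mask
# group as the new SYN and matches once the total (new one included) is
# above the limit.
import ipaddress
from collections import Counter


def group_key(src_ip, mask):
    """Collapse a source address to the /mask network it is counted under."""
    return ipaddress.ip_network(f"{src_ip}/{mask}", strict=False)


def count_open(connections, mask):
    """Count open connections per /mask source group."""
    return Counter(group_key(src, mask) for src, _dst in connections)


def would_reject(connections, new_src, limit, mask=32):
    """True if a new SYN from new_src would push its source group above
    `limit` open connections (what --connlimit-above N does): up to N
    connections are allowed, the (N+1)th is refused."""
    existing = count_open(connections, mask)[group_key(new_src, mask)]
    return existing + 1 > limit


# Constructed sample state: one greedy client (203.0.113.7) holding five
# sockets, and a NAT gateway (198.51.100.2) behind which five different
# users each hold one connection. Server address is made up as well.
SERVER = "192.0.2.10"
OPEN_CONNECTIONS = [("203.0.113.7", SERVER)] * 5 + [("198.51.100.2", SERVER)] * 5


def demo(limit=5):
    """Return (greedy_refused, neighbour_refused, nat_user_refused)."""
    greedy = would_reject(OPEN_CONNECTIONS, "203.0.113.7", limit)      # True
    # A different host on the same /24 is fine with a /32 mask ...
    neighbour = would_reject(OPEN_CONNECTIONS, "203.0.113.8", limit)   # False
    # ... but a sixth user behind the NAT box is indistinguishable from the
    # greedy client: this is the false positive the reply warns about.
    nat_user = would_reject(OPEN_CONNECTIONS, "198.51.100.2", limit)   # True
    return greedy, neighbour, nat_user


if __name__ == "__main__":
    print(demo())
```

Widening the mask (for example `mask=24`) groups whole networks together and makes the NAT-style collateral worse, not better, so the limit and mask have to be chosen with the real client population in mind.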
