Excuse my newbieness, but why couldn't this be done at layer4 in the tcp
hand shake?

On Mon, Jan 23, 2012 at 2:27 PM, Nathan Eisenberg
<[email protected]>wrote:

> Not at an HTTP layer.  You could limit the maximum state entries per host
> to 100, and set the state timeout to 60, but then all connections (to any
> file) will be limited in that way.****
>
> ** **
>
> This kind of rule belongs either at an HTTP proxy layer (if you were to
> frontend your website with haproxy or ngnix) or in the application itself.
> ****
>
> Nathan Eisenberg
> Atlas Networks | Sr. Systems Administrator
> office: 206.577.3078  |  www.atlasnetworks.us *
> *[image: Description: Description: Description: Description:
> FaceBook-icon] <http://www.facebook.com/AtlasNetworks> [image:
> Description: Description: Description: Description: 
> Twitter-icon]<http://twitter.com/atlasnetworks>
> ****
>
> ** **
>
> *From:* [email protected] [mailto:
> [email protected]] *On Behalf Of *S Ahmed
> *Sent:* Monday, January 23, 2012 11:20 AM
> *To:* [email protected]
> *Subject:* [pfSense] rate limiting****
>
> ** **
>
> Does pfsense support rate limit for the given scenerio:****
>
> ** **
>
> Clients use a API that sends http post requests to my server at a specific
> url like:****
>
> ** **
>
> www.example.com/some_service/a/b****
>
> ** **
>
> ** **
>
> I want to limit the # of requests per minute to 100.****
>
> ** **
>
> If there are more than 100 requests in a given minute, I want to hard
> block all further requests.****
>
> ** **
>
> I don't know client i.p addresses before hand.****
>
> ** **
>
> Also if this is possible, could I also set different rate limits if I knew
> the clients ipaddress/server host?****
>
> ** **
>
> ** **
>
> _______________________________________________
> List mailing list
> [email protected]
> http://lists.pfsense.org/mailman/listinfo/list
>
>

<<image001.png>>

<<image002.png>>

_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list

Reply via email to