On 10/10/06, Sagi Bashari [EMAIL PROTECTED] wrote:
I'm looking for a way to prevent such an attack at a higher level, before it even reaches Apache. I found an iptables module named connlimit/iplimit that is supposed to do just that, but it seems the official kernels do not support it and there's a serious lack of
You can do that on netfilter using iptables, but I suggest caution.
You see, there are many organizations that use NAT or MASQUERADING,
so to netfilter it will look like you are getting flooded.
What you actually need is to somehow identify that some specific client
opened the connection and limit
(resending to list)
On 10/10/06, Amos Shapira [EMAIL PROTECTED] wrote:
On 10/10/06, Sagi Bashari [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED]:~# iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 3 -j REJECT
iptables: No chain/target/match by that name
Trying this command on my Debian Etch I get:
$ sudo iptables -A INPUT -p tcp --dport 80 -m connlimit
On Tue, 10 Oct 2006, Amos Shapira wrote:
Date: Tue, 10 Oct 2006 22:25:05 +1000
From: Amos Shapira [EMAIL PROTECTED]
To: linux-il linux-il@linux.org.il
Subject: Re: Limiting the number of simultaneous HTTP connection per IP