
csf ct_limit and connlimit

Comments

3 comments

  • cPanelLauren
    This is discussed in section 20 of the readme provided by CSF (https://download.configserver.com/csf/readme.txt):

        20. Connection Limit Protection
        ###############################

        This option configures iptables to offer protection from DOS attacks against specific ports. It can also be used as a way to simply limit resource usage by IP address to specific server services. This option limits the number of new concurrent connections per IP address that can be made to specific ports.

        This feature does not work on servers that do not have the iptables module xt_connlimit loaded. Typically, this will be with Monolithic kernels. VPS server admins should check with their VPS host provider that the iptables module is included.

        Also, although included in some older versions or RedHat/CentOS, it was only actually available from v5.3+

        The protection can only be applied to the TCP protocol.

        Syntax for the CONNLIMIT setting:

        CONNLIMIT is a comma separated list of:

        port;limit

        So, a setting of CONNLIMIT = "22;5,80;20" means:

        1. Only allow up to 5 concurrent new connections to port 22 per IP address
        2. Only allow up to 20 concurrent new connections to port 80 per IP address

        Note: Existing connections are not included in the count, only new SYN packets, i.e. new connections

        Note: Run /etc/csf/csftest.pl to check whether this option will function on the server

    They also have several threads on this in their forums:
    0
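
The `port;limit` syntax from the readme excerpt above, as an added example that is not part of the thread or of CSF's own code: it reads a CONNLIMIT value, applies sanity checks chosen for this example, and renders a generic iptables connlimit rule per entry. The function names, the sample config text and the rendered rule form are assumptions; the rules csf itself generates are not shown on the page and may differ.

```python
import re

# Constructed csf.conf-style fragment; the value is the one used in the readme excerpt.
SAMPLE_CONF = '''
# constructed sample
CONNLIMIT = "22;5,80;20"
'''

def read_connlimit(conf_text):
    """Return the raw CONNLIMIT value from csf.conf-style text, or "" if unset."""
    m = re.search(r'^[ \t]*CONNLIMIT[ \t]*=[ \t]*"([^"]*)"', conf_text, re.MULTILINE)
    return m.group(1).strip() if m else ""

def parse_connlimit(value):
    """Parse 'port;limit,port;limit' into ({port: limit}, [problems]).

    The checks are this example's own sanity checks, not csf's validation.
    """
    limits, problems = {}, []
    for entry in filter(None, (e.strip() for e in value.split(","))):
        m = re.fullmatch(r"(\d+)\s*;\s*(\d+)", entry, re.ASCII)
        if not m:
            problems.append(f"{entry!r}: expected port;limit with numeric fields")
            continue
        port, limit = int(m.group(1)), int(m.group(2))
        if not 1 <= port <= 65535:
            problems.append(f"{entry!r}: port out of range")
        elif limit < 1:
            problems.append(f"{entry!r}: limit must be at least 1")
        elif port in limits:
            problems.append(f"{entry!r}: port {port} listed more than once")
        else:
            limits[port] = limit
    return limits, problems

def illustrative_rules(limits):
    """Render one generic iptables connlimit rule per port (assumed form, not csf output)."""
    return [
        f"iptables -A INPUT -p tcp --syn --dport {port} "
        f"-m connlimit --connlimit-above {limit} -j REJECT --reject-with tcp-reset"
        for port, limit in sorted(limits.items())
    ]

if __name__ == "__main__":
    limits, problems = parse_connlimit(read_connlimit(SAMPLE_CONF))
    for line in illustrative_rules(limits) + problems:
        print(line)
```
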
  • perplex
    This is discussed in section 20 of the readme provided by CSF: They also have several threads on this in their forums:

    Hey Lauren, the last 3 links you mention are dead links. Any idea where they've gone? Or anywhere I can find more info on this issue? Thanks
    0
  • cPJustinD
    Hello perplex! A ConfigServer Forums Moderator may have since removed these forum posts. Please keep in mind that the configuration and management of third-party services not provided by cPanel, such as CSF, is best handled by a qualified administrator who has the experience and expertise necessary to diagnose and troubleshoot such systems. For more information on the issue, it may be best to contact ConfigServer's support team or post a new thread in their forums regarding these concurrent connections. For your convenience, I've found a link with their support contact methods here:
    0
