Limit connection to httpd per ip.
Hello guys, I was looking for this for 1 or 2 weeks; I didn't find any solutions.
I got a problem with this:
tcp 0 0 s1.hzone.ro:http 109.102.191.82:63121 SYN_RECV
tcp 0 0 s1.hzone.ro:http 109.102.191.82:64673 SYN_RECV
And it makes, from the same IP on different ports, like 500 connections till CSF bans it.
How can I limit these types of connections to http / IP?
Like this user IP 109.102.191.82: if he makes more than 10 connections to http, to give him a blank page or not to work?
I tried even with iptables ... but useless.
-
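An added example, not part of the original post: a small Python tally of netstat output like the two lines above, grouping connections to the HTTP port by remote IP and TCP state and listing the IPs over the 10-connection limit the poster asks about. The sample rows and the function names `tally`, `over_limit` and `sample` are constructed for illustration.

```python
from collections import Counter, defaultdict

def tally(netstat_text, local_ports=("80", "http")):
    """Return {remote_ip: Counter(state -> count)} for TCP rows to local_ports."""
    per_ip = defaultdict(Counter)
    for line in netstat_text.splitlines():
        f = line.split()
        # Data rows have 6 fields: proto recv-q send-q local foreign state
        if len(f) != 6 or not f[0].startswith("tcp") or f[5] == "LISTEN":
            continue
        local_port = f[3].rsplit(":", 1)[-1]
        remote_ip = f[4].rsplit(":", 1)[0]  # rsplit keeps IPv6 addresses whole
        if local_port in local_ports:
            per_ip[remote_ip][f[5]] += 1
    return per_ip

def over_limit(per_ip, limit=10):
    """List (ip, total, dominant_state) for IPs above limit, busiest first."""
    rows = []
    for ip, states in per_ip.items():
        total = sum(states.values())
        if total > limit:
            rows.append((ip, total, states.most_common(1)[0][0]))
    return sorted(rows, key=lambda r: -r[1])

def sample():
    """Constructed netstat-style rows (RFC 5737 documentation addresses)."""
    rows = ["Proto Recv-Q Send-Q Local Address Foreign Address State",
            "tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN"]
    # One client holding many half-open handshakes, each from a new source port
    rows += [f"tcp 0 0 192.0.2.10:80 198.51.100.7:{60000 + i} SYN_RECV"
             for i in range(14)]
    # Same client as netstat prints it without -n (names instead of numbers)
    rows.append("tcp 0 0 s1.example.test:http 198.51.100.7:61000 SYN_RECV")
    # An ordinary visitor, plus an SSH session that must not be counted
    rows += [f"tcp 0 0 192.0.2.10:80 203.0.113.5:{50000 + i} ESTABLISHED"
             for i in range(3)]
    rows.append("tcp 0 0 192.0.2.10:22 203.0.113.5:40000 ESTABLISHED")
    return "\n".join(rows)

if __name__ == "__main__":
    for ip, total, state in over_limit(tally(sample())):
        print(f"{ip}: {total} connections to http, mostly {state}")
```

Splitting the count by state shows whether an IP is holding half-open handshakes (SYN_RECV, still in the kernel's queue) or fully established connections that the web server has already accepted.
-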
Have you tried CONNLIMIT in CSF?
-
Yes, and it is useless......
-
Try using modsecurity to limit number of read states per IP. [url=http://blog.spiderlabs.com/2011/07/advanced-topic-of-the-week-mitigating-slow-http-dos-attacks.html](Updated) ModSecurity Advanced Topic of the Week: Mitigating Slow HTTP DoS Attacks - SpiderLabs Anterior[/url]
-
If you have ModSecurity selected in EasyApache, then you would just have to add this line to /usr/local/apache/conf/modsec2.user.conf:

SecReadStateLimit 25

You would have to restart apache for the setting to be active. This is just an example, you could try anywhere from 5 to 50. This example setting would limit each connecting IP to 25 simultaneous READ connections to the Apache server. I say this setting instead of SecConnReadStateLimit because the newest modsec build in EA is 2.7.5 which still uses SecReadStateLimit.
-
You can also use the [url=http://deflate.medialayer.com](D)DoS Deflate - deflate.medialayer.com[/url] plugin. With the default configuration, an IP will get blocked for 1 minute after 150+ connections.
-
Ravi, I will try it. Sorry guys for not answering, but my father died in December and since then my mom is losing her mind.
-
[quote="quizknows, post: 1515991"]If you have ModSecurity selected in EasyApache, then you would just have to add this line to /usr/local/apache/conf/modsec2.user.conf: SecReadStateLimit 25. You would have to restart apache for the setting to be active. This is just an example, you could try anywhere from 5 to 50. This example setting would limit each connecting IP to 25 simultaneous READ connections to the Apache server. I say this setting instead of SecConnReadStateLimit because the newest modsec build in EA is 2.7.5 which still uses SecReadStateLimit.[/quote]
Hi, sorry to jump in a year later, hope you're still around... I was looking for such a solution also, but I only want it to limit concurrent HTTP POST requests per IP per second (if HTTP GET, then allow unlimited simultaneous connections). Is there a way to do that? Thanks.
-
I'm not aware of a way to restrict the SecReadStateLimit to certain request methods, but I'll take a look at it.