Rule To Limit Apache (port 80) Connections From 1 IP To 15

Apr 12, 2007

any good rule to limit Apache (port 80) connections from 1 IP to 15 with iptables/csf?

And total connections to the box to 100?

View 6 Replies


Limit Apache (thread) Connections Per Request

Jan 9, 2007

I've been having trouble the past few days with someone who's been "attacking" my site so to speak by continuously downloading very large files with as many connections as (he) can open. I operate a large downloads site for computer games, this person has selected the largest files (like 400-500MB). Not sure of the real intent other than to clog up my bandwidth capacity. Also he appears to be using proxies since as soon as I ban one, another shows up seeminly from China.

Anyway, I have mod_bw and I've limited the number of connections in the downloads area to 2. While that works ok, his tool uses threads like a download manager would and he's using up 30-40 child threads for his 2 file downloads.

So 2 questions,

Is there anyway to not only limit file downloads to 2, but limit the number of connections per request? Many of my visitors do use download managers and I'd like for them to continue using them but use a reasonable number of threads like 6 or 8, but not 30.

Also, is there a way to restrict access to someone using a proxy?

View 2 Replies View Related

The VPS Iptables Rule Limit

Aug 7, 2008

We installed csf firewall in main node and we have following error when try to start firewall, how can resolve this issue?

[root@m5088 csf]# csf -s
Error: The VPS iptables rule limit (numiptent) is too low (400/400) - stopping firewall to prevent iptables blocking all connections, at line 123

View 3 Replies View Related

Iptables Rule Limit (numiptent)

Jun 1, 2008

I have a openvz based vps server, my vps users have "The VPS iptables rule limit (numiptent)" error when try to install and start any firewall.

how can resolve this issue?

View 4 Replies View Related

IPTables Rule Using Modules Limit & Length Simoultaneously

Apr 4, 2009

I am currently trying to limit incoming UDP length 20 packets on a per IP basis to 5 a second using IPTables on a Linux machine (CentOS 5.2).

Basically, if an IP is sending more than 5 length 20 UDP packet a second to the local machine, I would like the machine to drop the excess length 20 packets coming from that IP.

The modules that should work perfectly for this type of "rule set" are;

- Limiting module
- Length module

Both of which are installed / compiled with the kernel/IPTables correctly and functioning.

I have tried several rule sets, and they all seem to not fully work. Either they drop all UDP length 20 packets going to the local machine or allow all them through.

Below is one of the rule sets I use, and it is not working. Any ideas what the issue could be?

iptables -N UDPC1
iptables -A INPUT -p udp -m length --length 20 -j UDPC1
iptables -A UDPC1 -p udp -m length --length 20 -m limit --limit 5/second -j ACCEPT
iptables -A UDPC1 -j DROP

View 1 Replies View Related

Limit Connections Per IP

May 15, 2008

How can I Limit connections per IP in IIS6?

For example 10 connection per IP is allowed in a minute.

View 0 Replies View Related

Limit # Ip Connections

May 31, 2008

on setting up some sort of firewall who only allows 10 connections from the same ip to avoid spamming, abuse on the server.

How should i do this?

View 3 Replies View Related

Limit Connections - DDOS

Dec 14, 2008

one of my friend say that if i install an apache module which one limit the users conection can help me to protect from ddos.

becaus one of my users domain is under ddos and i think that if i limit his conection, if sombody wants to do ddos and open conection foraxample up 30 he is attacker and ban.

is it right and how i can do it and limit a one user?

View 6 Replies View Related

Limit Connections Per IP/Hostname

Aug 25, 2007

How is this done? from what I gether, there's nothing built into apache which can do this which I personally think is a bit silly as it seems like a common thing. Can anyone offer any help (for apache 2).

View 5 Replies View Related

Hitting Connections Per Second Limit Of RedHat EL

Jun 11, 2009

I have a powerful 8 core 8gb ram web server with scsi raid drives running RedHat EL 4. This server handles 2,000 - 3,000 HTTP requests per second via Litespeed httpd without strain (over 60%+ CPU idle time during peak load, under 1% IO wait). As the traffic volume continues to increase I've encountered a strange problem, the symptoms of which are as follows:

- About 1/4 or 1/3 of new connections are not answered by the server - they time out.

- All connections that are answered have exactly 3 seconds added to the time it takes to establish connection with the server (can be seen as "Connecting to ..." phase in FireFox). HTTP response times were tested by Pingdom from multiple locations all over the world.

- The problem is either "on" or "off", it is not gradual.

- Server ping is unaffected during the problem - no delay and no packet drops.

- The problem does not happen during off-peak hours of the day.

If litespeed httpd settings are tweaked to keep as many connections as possible in keepalive state for as long as possible, the problem is avoided, while tens of thousands of connections are kept in keepalive state.

Possible causes that were tested and eliminated: PHP/MySQL load (problem applies to static files exactly the same), CPU / IO / RAM, network uplink, hardware firewall, DNS.

This makes me think that there is some kind of bottleneck of how many NEW connections per second the server can accept. By maxing out keepalive quantity and duration I'm reducing the number of new connections per second. This is a temporary fix that will only work up to a certain point.

After investigation, litespeed staff verified that my litespeed configuration was correct and after some testing said that nothing in litespeed was responsible for this limiting factor. Litespeed process uses relatively little CPU and can definitely handle more volume.

Following sysctl.conf values were increased substantially to see if that will make a difference: tcp_max_syn_backlog, tcp_max_tw_buckets, tcp_max_orphans, netdev_max_backlog, somaxconn, file-max. This didn't produce any results. Disabling syncookies didn't help either. dmesg doesn't have any notices of limits being hit or throttles being applied.

Litespeed staff suggests that likely some limit in linux kernel is being reached. The strange 3 second delay does seem like an "intelligent" DDOS protection strategy of some sort. Perhaps this is some kind of kernel level DDOS protection?

View 9 Replies View Related

How To Limit Apache2 Global Per IP Connections

Jan 27, 2008

Some limit connection mods can limit max connections per vhost, any mod can limit connections to apache server per IP?

View 3 Replies View Related

Any Firewall For Windows To Limit Connections Per Ip

Apr 26, 2008

windows 2003

limit connections per ip to a port

im currently using routix netcom

it can limit the connections( NOT bandwidth) only but not per ip

another firewall which limit connections per ip

View 14 Replies View Related

Limited HTTPD Connections. How To Not Limit Them

Apr 13, 2007

When I SSH'd into my box, I received this message: is on this server. HTTPD connections have been limited to restrict this script from overloading server. All servers that have hosted this file need to have extremely limited http connections or have this file removed. It is poorly written and intense on CPU/memory.

How do I go and allow to be run on my server again? I use it solely for personal sites, so I wish to not have this file blocked and be allowed to run. I've searched for almost an hour now so I figured I would go ahead and post to see if any more experienced members could assist.

View 3 Replies View Related

500+ Connections To Port 80

May 27, 2007

Someone attacked my server yesterday with a script or something. I ran # netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
and it showed me that one client made more than 500 connections to port 80, causing a load higher than 50. I disabled thread and content viewing for guests on my vbulletin forum, and the load went back to 1.5. I analyzed the apache logfile, but it doesn't show any suspicious activity for that client.

How did he manage to make more than 350 connections to my server? With a script or something? I've APF firewall installed in monolythic kernel mode with the standard rules.

How can i prevent such events in the future?

View 6 Replies View Related

How To Limit Num Of Connections Per Hosted Site On Ded. Server

Jan 24, 2007

OS: Linux, on Apache 2.0

Would you know and kindly tell me if there's a way to limit X number of connections per hosted site?

Because I don't want someone with high traffic forum unfairly stealing most connections for himself, which makes other sites suffer in performance.

View 1 Replies View Related

How To Limit Http/mysql Connections Per Domain

Jun 22, 2007

how i can limit http and mysql connection limit on per domain basis.

View 2 Replies View Related

Deny All Connections To Certain Port, Except For

May 28, 2009

I have problems configuring some ports and rules on CSF on a cPanel server.

Port 37500 is used by a Java web app, so, i opened both tcp incoming and outgoing ports:

TCP_IN = "20,21,22,25,26,53,80,110,143,443,465,587,993,995,2082,2083,2086,2087,2095,2096,37500"
TCP_OUT = "20,21,22,25,26,37,43,53,80,110,113,443,587,2087,2089,2703,37500"
Then.. to allow access from the server IP and localhost, added this at csf.allow:


And to deny all access to the server on that specific port (except for the ones I whitelisted before), added this to csf.deny:

Result = no one can connect to the server on that port, not even from the web app itself, it's not connecting to the port 37500.

How can I configure port 37500 to accept local connections (from the web server) and deny all external connections?

View 6 Replies View Related

Flood Connections On Port 80

Aug 1, 2007

When I check on port 80 connections, I get a list of few IPs with more than 100 connections.

I need to know which website / specific file being downloaded / URL is the IP accessing to? How can I do that?

View 3 Replies View Related

How To Limit Connections Per IP Address Based On Domain + String

Oct 25, 2009

I need to do this:

(1) limit to 10 connections per IP per 30 seconds but allow if accessing file beginning with x.php such as x.php?981 x.php?o19

(2) limit to 10 connections per IP per 30 seconds only if accessing file beginning with x.php but allow if accessing file beginning with y.php y.php?981 y.php?o19 .....

View 8 Replies View Related

Limit Bandwidth On Switch Port.

Jun 5, 2007

we want to limit the speed on a switch for several users. For example, we want:

User Bandwidth

Adrian 1Mbps
Peter 5Mbps
Luke 4Mbps

Which switches do you recomend for this? Any experiences on their use? Prices?

i know that sounds strange, but imagine Adrian only has access to the net on 1Mbps because that's all he needs.

View 8 Replies View Related

Apache :: Listen On Port 8080 For IPv4 And On Port 80 For IPv6?

Aug 8, 2013

I'm runnung a server with Apache2 (Apache/2.2.16 (Debian 6.0))

I would like Apache2 listen on port 8080 for IPv4 and on port 80 for IPv6.

This is what I have now:


View 4 Replies View Related

Apache :: HTAccess Needs For Rule To Redirect

Feb 21, 2013

I have page like that : [URL] ....

I want to permanent redirect it to : [URL] ....

Also needs to redirect all another page have words ( rates ) to index.

View 9 Replies View Related

Apache Rewrite Rule - 404 Error

Apr 29, 2013

I need two rules in apache to work

RewriteRule ^([^/]*).html$ index.php?page=$1 [L]
RewriteRule ^([^/]*)/([^/]*).html$ index.php?pnumber=$1&page=$2 [L]

First one rule does work and /index.php?page=something redirect to /something.html

Second rule does not work /index.php?pnumber=1&page=something need to be /1/something.html

But when make this link i got 404 error the request url not found.

Where is error, an how i can make to second rule work too?

View 1 Replies View Related

Apache :: Creating Rule For Directory Recursion?

Aug 29, 2013

I have a number of WordPress, Drupal, Wiki sites running under RHEL6.

Apache version:httpd -v
Server version: Apache/2.2.15 (Unix)
Server built: Aug 2 2013 08:02:18

We are subject to internal scans by Appscan and Tenable. It is a security requirement so I cannot just block them.

The scanners, of course, attempt to recurse the directory structure and find vulnerable files such as boot.ini, and such.

This drives the php content management systems nuts.
Request comes in and is handled by php.
PHP checks the cache for that name and does not find it.
PHP generates a MySQL query and sends it.
MySQL tries and fails to satisfy the query.
MySQL returns result to php.
PHP Writes a cached of the result and presents it to the web.

In other words, a whole lot of processor/memory.

The security scans typically look like......

[Thu Aug 29 00:35:15 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET /../../../../../../../../../../../../etc/passwd HTTP/1.1
[Thu Aug 29 00:35:15 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET ../../../../../../../../../../../../etc/passwd HTTP/1.1
[Thu Aug 29 00:35:15 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET //../../../../../../../../../../../../etc/passwd HTTP/1.1
[Thu Aug 29 00:32:26 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET ....................windowswin.ini HTTP/1.1
[Thu Aug 29 00:32:26 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET ....................winntwin.ini HTTP/1.1

I have been able to improve performance, speed and security by mod_rewrite

RewriteRule .*.(dll|ini|exe|com)$ - [R=404,NC]

Now (Finally) the question.

I have not been able to create a rule for the directory recursion.

I want to R=404 any that has a "../.." or "...." or ...." but I can not get it to recognize the string correctly.

I believe that this would improve speed and security.

View 2 Replies View Related

Apache :: Rewrite Rule For OWASP XSS Conventions

Aug 13, 2014

I need to implement prevent XSS attacks by using apache rewrite following rewrite rules for all urls of the domain.

Converting < and > to < and >
Converting ( and ) to ( and )
Converting # and & to # and &

& --> &
< --> <
> --> >
" --> "
' --> '

View 2 Replies View Related

Apache :: Rewrite Rule Does Redirect Rather Than Proxy

Oct 28, 2014

I just installed httpd-2.4.10-win32 and I can't make mod_rewrite to work :

What I'd want is a proxy to receive a uri and forwards to

I do

RewriteCond %{HTTP_HOST}
RewriteRule /appl/ [P]

and I get a redirect : - - [28/Oct/2014:14:55:19 +0100] "GET /appl/ HTTP/1.1" 302 - mod_proxy is loaded and works of course.

I've tried lot of variations (it works the same in a virtual host without rewritecond) to no avail.

View 4 Replies View Related

Apache :: URL Rewrite Rule Without Permanent Redirect

May 10, 2014

I am new to wordpress; I want a url rewrite rule for my htaccess. I want when a user visits the url on the address bar should be I don't want a permanent redirect.

View 2 Replies View Related

Apache :: Writing Htaccess Rewrite Rule?

Feb 21, 2014

I'm trying to change url structure so instead of /default/category/product.html it would show /category/product.html

With this line I've managed to do it on my personal blog

RedirectMatch 301 /default/(.*) //$1

But when I've implemented it on a customers Magento site it started showing double slashes like this //category/product.html and the whole template just collapsed .

View 17 Replies View Related

Apache :: HTAccess Won't Process Rewrite Rule Despite Many Attempts

Apr 1, 2015

It should be a straight forward change. [URL] .... does not redirect to [URL]...... It simply tries to load /denver-cars/ and denver-cars is in the URL. Am I missing something here? I have tried moving it up and down the list of rules and have tried numerous types of flags to no avail. Everything else in the htacess works fine with out the line:

RewriteRule ^/(.*)-cars/ /newcars-in-$1/ [NC,R=301,L]

Here is my htaccess:

Options +FollowSymlinks
RewriteEngine on
RewriteBase /
# Force www
# Redirect google index dir's to new dir
RewriteRule ^/(.*)-cars/ /newcars-in-$1/ [NC,R=301,L]


View 1 Replies View Related

Apache :: Crafting HTAccess Rule That Looks URL Of Visiting Page

Sep 28, 2013

I am new to apache, and really terrible with regular expressions.

How to craft an htaccess rule that looks a the URL of the page you are visiting, and redirects HTTPS to the same URL in HTTP if the URL contains a certain text string (in the case the word "products")...

View 1 Replies View Related

Copyrights 2005-15, All rights reserved