IPTables Rule Using Modules Limit & Length Simoultaneously
Apr 4, 2009
I am currently trying to limit incoming UDP length 20 packets on a per IP basis to 5 a second using IPTables on a Linux machine (CentOS 5.2).
Basically, if an IP is sending more than 5 length 20 UDP packet a second to the local machine, I would like the machine to drop the excess length 20 packets coming from that IP.
The modules that should work perfectly for this type of "rule set" are;
- Limiting module
- Length module
Both of which are installed / compiled with the kernel/IPTables correctly and functioning.
I have tried several rule sets, and they all seem to not fully work. Either they drop all UDP length 20 packets going to the local machine or allow all them through.
Below is one of the rule sets I use, and it is not working. Any ideas what the issue could be?
iptables -N UDPC1
iptables -A INPUT -p udp -m length --length 20 -j UDPC1
iptables -A UDPC1 -p udp -m length --length 20 -m limit --limit 5/second -j ACCEPT
iptables -A UDPC1 -j DROP
View 1 Replies
ADVERTISEMENT
Aug 7, 2008
We installed csf firewall in main node and we have following error when try to start firewall, how can resolve this issue?
[root@m5088 csf]# csf -s
Error: The VPS iptables rule limit (numiptent) is too low (400/400) - stopping firewall to prevent iptables blocking all connections, at line 123
View 3 Replies
View Related
Jun 1, 2008
I have a openvz based vps server, my vps users have "The VPS iptables rule limit (numiptent)" error when try to install and start any firewall.
how can resolve this issue?
View 4 Replies
View Related
Nov 2, 2009
This wiki page has discussed how to enable iptables modules in a VPS.
View 6 Replies
View Related
Mar 6, 2008
I want to know about install IPTables modules -> modules name is 'Quota'
It's have way to install pure this modules directly to IPTables by not Build/ReBuild Kernel from Source
OS : CentOS 5.0
I must Mod Quota to IPTables for use Traffic Limit per VPS Node on OpenVZ Kernel
And everyone can tell me to simple to Traffic Control for VPS Node on OpenVZ
View 0 Replies
View Related
Apr 21, 2008
My server was unstable at this month sometimes fork 700 process and apache 80 access per second and that's made server very slow . very bad browsing
when i checked log files /var/log/messages found that errors
Apr 20 04:06:28 suhosin[798]: ALERT - configured request variable value length limit exceeded - dropped variable 'message' (attacker '212.107.116.238', file '/usr/local/cpanel/cgi-sys/php4')
Apr 22 00:27:05 suhosin[15442]: ALERT - configured request variable name length limit exceeded - dropped ....
View 6 Replies
View Related
Jun 18, 2015
Domain has PHP Settings in Plesk set to 2G and I get this error when uploading a 48MB file using Wordpress. I assume I need ot modify this manually in conf file somewhere to allow uploading large files?
Requested content-length of 48443338 is larger than the configured limit of 10240000..
mod_fcgid: error reading data, FastCGI server closed connection...
View 1 Replies
View Related
Apr 12, 2007
any good rule to limit Apache (port 80) connections from 1 IP to 15 with iptables/csf?
And total connections to the box to 100?
View 6 Replies
View Related
Apr 27, 2009
I am unable to create a user in mysql with 20 characters length. I am getting the annoying error message about 16 characters limitation about a username length. I have tried to increase the character user limit length to 32 characters using the following commands:
mysql -uroot -p
use mysql;
alter table `user` modify `User` CHAR(32);
FLUSH PRIVILEGES;
quit
service mysqld restart
But after all of this was done I was and I am still unable to connect to mysql anymore with/without password.
View 1 Replies
View Related
Aug 13, 2008
I run CentOS 5.2 (Sometimes CentOS 4.6). I have been messing around with IPTables, and cannot find out how to filter zero-length packets.
I believe I might need an unclean module. I have already done hours of reading and researching, but I have come up with nothing, for I do not think this is that common.
If anyone could please let me know the commands to use to filter out all zero-length packets, or the unclean module I need to use with IPTables, I would really appreciate it.
View 14 Replies
View Related
Jul 11, 2015
I have been seeing these in my log and received complaints from customers not able to get their mail out. These messages just stay in the queue and go no where.
what they are successfully using as a tlsserverciphers and tlsclientciphers? Maybe it the dh key being too small. How can this be fixed on Qmail?
qmail: 1436646171.830486 delivery 6: deferral: TLS_connect_failed:_error:14082174:SSL_routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh_key_too_small;_connected_to_170.49.86.238.
View 2 Replies
View Related
Jan 5, 2008
I execute the following commands, in the following order:
iptables --flush
iptables --zero
iptables -A INPUT -s 218.65.12.161 -j DROP
will that last command successfully ban that IP until reboot?
If not, what needs to be done? I can't access my site if I don't flush + zero iptables first but I need to be able to ban with iptables.
View 2 Replies
View Related
Jun 30, 2009
When I download a file from my server, only specific extensions are working. This is really annoying since I want to be able to see how much time left to finish a download.
For example I uploaded a video with .vob extension
file.vob --> does not show filesize when downloading
If I rename the same file to different extension:
file.avi --> works fine shows filesize when downloading
file.mp3 --> works fine shows filesize when downloading
file.rar --> works fine shows filesize when downloading
file.mp4 --> does not show filesize when downloading
file.wmv --> does not show filesize when downloading
These are direct download links, not using any download scripts or anything. Why are some extensions displaying the filesize and some not displaying them? I am using Apache 2.x server.
View 2 Replies
View Related
Jul 4, 2009
I got a problem with CSF on my VPS. ipt_state and ipt_REDIRECT are not enabled on the node and I can't(and everyone else on the node) be using any ipt based firewall.
I asked a hosting company to enable those modules and I provided a simple guide(Edit /etc/sysconfig/iptables-config and /etc/sysconfig/vz on the hardware node. Add ipt_state and ipt_REDIRECT into IPTABLES_MODULES= and IPTABLES= lines correspondingly.)
I had the same problem on my old VPS provider and I provided the same guide and after it they restarted iptables and vz and it worked fine.
Tech in my current hosting company is saying they need to re-compile the kernel with those modules 1st in order to enabled those modules. They tried 2 times and the server didn't boot into a new kernel.
So, is there any other way to enable those modules without kernel re-compile.
I even think "modprobe" shout do the trick. modprobe ipt_state and modprobe ipt_REDITECT and then add those modules into 2 files as I said above and it whould be working fine?
View 2 Replies
View Related
May 2, 2008
CentOS 5. I can't run iptables.
/lib/modules is empty.
In /var/log/messages, this line is repeated many times:
modprobe: FATAL: Could not load /lib/modules/2.6.18-5-xen-686/modules.dep: No such file or directory
iptables -L gives this:
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Is this something I can fix via yum install xxx or some other way, or is it something my provider has to do?
I tried yum install kernel-xen, but that installed 2.6.18-53 and modprobe is looking for 2.6.18-5
View 6 Replies
View Related
Oct 10, 2007
On a Linux box, is there a way to list all of the modules that are running in Apache but NOT compiled into Apache?
I now that "httpd -l" = lists all of the Apache compiled modules.
View 5 Replies
View Related
Sep 9, 2007
Trying to install Cerberus Help Desk and it gives this message during requirement check:
The following problems prevent you from running Cerberus Helpdesk 4.0:
upload_tmp_dir is empty in your php.ini file. Please set it.
The 'MailParse' PHP extension is required. Please enable it.
The 'Mail' PEAR package is required. Please install it.
The 'Mail_Mime' PEAR package is required. Please install it.
The 'Mail_mimeDecode' PEAR package is required. Please install it.
The 'Mail_RFC822' PEAR package is required. Please install it.
The 'Text_Password' PEAR package is required. Please install it.
how to apply this (on a vps) safely? Using Centos 4.5. I'm using Interworx control panel.
View 5 Replies
View Related
Apr 17, 2009
I have a RHEL 5 server, that host one site with a common PHP 5.x -MySQL 5.x app, it also uses .htaccess to rewrite rules. I'm trying to optimize apache to the max, and though about removing some unneccesary modules. The actual modules loaded are:
Code:
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule version_module modules/mod_version.so
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule evasive20_module /usr/lib/httpd/modules/mod_evasive20.so
LoadModule security_module /usr/lib/httpd/modules/mod_security.so
Besides of mod_evasive, mod_security that are security modules, what modules can I disable without causing any problems to a common PHP-MySQL website?
This is a plain RH box, virtual host is configured at httpd.conf in this way:
Code:
<VirtualHost SERVERIP>
ServerName mysite.com
ServerAlias www.mysite.com
DocumentRoot /var/www/sites/mysite.com
<Directory "/var/www/sites/mysite.com">
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
</VirtualHost>
View 4 Replies
View Related
Sep 16, 2007
to install these two but whm did not find them
html2ps
ps2pdf
Only found this,
Meta::Tool:s2Pdf
not sure if that is the proper one anyway.
Using perl 5.8.8 / centos 4.5
View 6 Replies
View Related
Jun 2, 2014
I'm trying to install the Win32 dist from apachelounge 2.4.9 and I'm having difficulties getting the modules loaded. Several modules have different names or aren't there at all. mod_imap.so
View 1 Replies
View Related
Feb 11, 2013
I have complied Apache from the source with so enabled and compiled PHP with Apache apxs. What if I do, if I want to add/Load another modules as a dynamic modules without recompiling apache. Suppose if I want to enable rewrite or any other module.I am pasting the command which I used to compile apahce.
Apache
==
./configure --prefix=/usr/local/apache --enable-module=so
make
make install
PHP
==
./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache/bin/apxs
make
make install
Both are running fine on my server,how to enable mod rewrite module as shared module fro example ??Â
View 1 Replies
View Related
Oct 8, 2007
If you know where to buy those modules, please let me know.
View 3 Replies
View Related
Jul 30, 2008
what modules I should use in my httpd.conf file. Here's the modules that I currently have enabled / disabled. The site is running specifically off PHP. There is no need for CGI, ASP, or any other languages (to my knowledge). The negotiation module is enabled,. It does not need to be to my knowledge.
However, when I disabled it Apache would not restart. Could someone give some details as to which directives need to be disabled for negotiation to be disabled. Also, does anyone know if negotiation is essential. It is not to my knowledge. Suggestions and comments are much appreciated. Thank you in advance for your hard work and experience being as it's not costing me anything. I will do my best to return the favor.
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule auth_anon_module modules/mod_auth_anon.so
LoadModule auth_dbm_module modules/mod_auth_dbm.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_ldap_module modules/mod_auth_ldap.so
# LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule asis_module modules/mod_asis.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule imap_module modules/mod_imap.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
# LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
# LoadModule cgi_module modules/mod_cgi.so
LoadModule logio_module /usr/lib/httpd/modules/mod_logio.so
View 0 Replies
View Related
Jul 28, 2008
I can't get SELinux to let httpd load the IonCube module for PHP. I've given the CentOS 5 forum a try (here: http://www.centos.org/modules/newbb/...15403&forum=42), talked with WHMCS's support (the app I'm using that needs it), and even opened a ticket with IonCube. Unfortunately nobody seems to know how to tell SELinux to let httpd "exec" modules.
I'm running CentOS 5, and the error I'm getting in /var/log/messages is:
Jul 23 10:15:30 host kernel: audit(1216833330.905:1249): avc: denied { execheap } for pid=22055 comm="httpd" scontext=root:system_r:httpd_t:s0 tcontext=root:system_r:httpd_t:s0 tclass=process
I can disable SELinux and it works fine (setenforce 0), but that's not the solution I'm looking for. Can someone please tell me how to do this the *right* way?
View 11 Replies
View Related
Jul 23, 2008
what are the standard modules which you normally need to get installed in your server or which you install ? from which you sell hosting to your customer or Which standard modules Is Most Important To Be Installed In Your Dedicated server ?
View 3 Replies
View Related