trafficserver-users mailing list archives

From Reindl Harald <h.rei...@thelounge.net>
Subject Re: Per Client/IP Limits
Date Tue, 15 Jul 2014 21:19:30 GMT

On 15.07.2014 23:05, Jason Strongman wrote:
> ATS 4.2.1
> Mode - Reverse Proxy
> 
> Yet another question. Does ATS have the ability to limit per client IP connections? I understand different
> clients/users can come from behind the same proxy/NAT, but just wondering if ATS has the ability to limit per IP
> connections? I don't see the native ability within Apache HTTPD or Nginx, so figured ATS may require a plugin as
> well. Just want to check with the group first, since nothing is really jumping out at me for the moment

not a job for the application layer
that sort of protection in general should not be handled by the attacked service

iptables -A INPUT -p tcp --syn -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP
iptables -A INPUT -p tcp --syn -m connlimit --connlimit-above 150 --connlimit-mask 24 -j DROP
iptables -A INPUT -p tcp --syn -m connlimit --connlimit-above 250 --connlimit-mask 16 -j DROP
iptables -A INPUT -p tcp --syn -m connlimit --connlimit-above 500 --connlimit-mask 8 -j DROP
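
Added example, not part of the original message: a pre-deployment audit that groups client addresses the way `--connlimit-mask` does and lists every prefix already above the limits in the four rules, which shows how a quiet host can be caught by a busy neighbour in the same /24. The function names and the sample addresses are constructed for illustration; only IPv4 and the masks 8, 16, 24 and 32 are handled.

```shell
#!/bin/sh
# Constructed sample: one client IPv4 address per open connection.
# 120 connections from one host, 40 from a neighbour in the same /24,
# 3 from an unrelated network.
sample_peers() {
    awk 'BEGIN {
        for (i = 0; i < 120; i++) print "198.51.100.7"
        for (i = 0; i < 40; i++)  print "198.51.100.9"
        for (i = 0; i < 3; i++)   print "203.0.113.5"
    }'
}

# over_limit MASK LIMIT
# Reads IPv4 addresses on stdin, zeroes the octets outside MASK (the same
# grouping --connlimit-mask applies), and prints "prefix/MASK count" for
# every group whose count is above LIMIT (the --connlimit-above condition).
over_limit() {
    awk -F. -v mask="$1" -v limit="$2" '
        NF == 4 {
            n = mask / 8
            key = $1
            for (i = 2; i <= 4; i++) key = key "." (i <= n ? $i : 0)
            count[key]++
        }
        END {
            for (k in count)
                if (count[k] > limit) printf "%s/%d %d\n", k, mask, count[k]
        }' | sort
}

# Apply the four mask:limit tiers from the rules above to the sample.
audit() {
    for tier in 32:100 24:150 16:250 8:500; do
        sample_peers | over_limit "${tier%%:*}" "${tier##*:}"
    done
}

audit
```

In the sample, 198.51.100.9 holds only 40 connections, yet its new connections would be dropped by the /24 rule because the prefix as a whole is at 160.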

