trafficserver-users mailing list archives

From Jason Strongman <jasonstrongman2...@gmail.com>
Subject Re: Per Client/IP Limits
Date Tue, 15 Jul 2014 21:43:14 GMT
Right. That seems to be the popular school of thought. Not the role of the
application.

Thanks!


On Tue, Jul 15, 2014 at 4:19 PM, Reindl Harald <h.reindl@thelounge.net>
wrote:

>
> On 15.07.2014 23:05, Jason Strongman wrote:
> > ATS 4.2.1
> > Mode - Reverse Proxy
> >
> > Yet another question. Does ATS have the ability to limit per client IP connections? I understand different
> > clients/users can come from behind the same proxy/NAT, but just wondering if ATS has the ability to limit per IP
> > connections?  I don't see the native ability within Apache HTTPD or Nginx, so figured ATS may require a plugin as
> > well. Just want to check with the group first, since nothing is really jumping out at me for the moment
>
> not a job for the application layer
> that sort of protection in general should not be handled by the
> attacked service
>
> iptables -A INPUT -p tcp --syn -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP
> iptables -A INPUT -p tcp --syn -m connlimit --connlimit-above 150 --connlimit-mask 24 -j DROP
> iptables -A INPUT -p tcp --syn -m connlimit --connlimit-above 250 --connlimit-mask 16 -j DROP
> iptables -A INPUT -p tcp --syn -m connlimit --connlimit-above 500 --connlimit-mask 8 -j DROP
>
>
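
How the four tiered rules quoted above treat many users behind one NAT address versus clients spread across a /24, as an added illustration that is not part of the original thread. It is a simplified Python model, not netfilter code: IPv4 only, the new connection is assumed to count toward the total, and `evaluate_syn`, `sample_table` and the documentation-range addresses are constructed for the example.

```python
import ipaddress

# The four rules from the quoted reply, in chain order: (limit, mask bits).
RULES = [(100, 32), (150, 24), (250, 16), (500, 8)]


def network_of(ip, mask):
    """Source network that a rule with this --connlimit-mask groups ip into."""
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)


def evaluate_syn(src_ip, tracked_sources, rules=RULES):
    """Return (verdict, matching_rule) for a new SYN from src_ip.

    tracked_sources holds one source IP per already-tracked connection.
    Assumption: the new connection is counted too, so a rule matches
    when existing + 1 is above its limit. The first matching rule drops.
    """
    for limit, mask in rules:
        net = network_of(src_ip, mask)
        existing = sum(
            1 for s in tracked_sources if ipaddress.ip_address(s) in net
        )
        if existing + 1 > limit:
            return "DROP", (limit, mask)
    return "ACCEPT", None


def sample_table():
    """Constructed connection table (documentation address ranges)."""
    table = ["198.51.100.7"] * 100          # 100 users behind one NAT address
    for host in range(1, 6):                # 5 hosts in one /24, 30 each
        table += [f"203.0.113.{host}"] * 30
    return table


if __name__ == "__main__":
    table = sample_table()
    for client in ("198.51.100.7", "203.0.113.9", "192.0.2.10"):
        verdict, rule = evaluate_syn(client, table)
        print(f"{client:15} {verdict:6} {rule}")
```

The rules carry no `--dport`, so connections to every TCP service on the host count toward the same per-source totals.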
