Limiting simultaneous requests from a single ip

Andres Tello Abrego criptos at aullox.com
Tue May 6 22:51:52 BST 2003


As far I know, limit can work with -d flag..


On Wed, 7 May 2003, Malcolm Turnbull wrote:

> Neil,
>
> I've had this problem too.. caused by bastard proxies that spool
> thousands of connections.
>
> iptables limit will only work if you specify the source ip address.
>
> their is however an addon module for netfilter called iplimit which will
> limit connections from ANY source ip address, i.e. it has its own state
> table.
>
> I haven't tested it yet though.
>
>
> Neil Sandow wrote:
> > I'm running an LVS (ipvsadm v1.11 2000/06/16 (compiled with popt and IPVS
> > v0.9.14)) on a Mandrake system (Linux version 2.2.17-21mdksecure ) With 7
> > realservers behind it.  It's been running for > 2 years and balances the
> > load quite nicely.
> >
> > Occassionaly I get a ton of requests from a single ip address that can
> > really bog things down.  This AM I had > 2500 requests within a 7 minute
> > period for a page that has lots of ssi's running cgi's.   The cpu load on
> > ALL realservers skyrocketed and effectively blocked access to the site for
> > about 5-10 minutes.
> >
> > Is there a way to limit the number of active connections to a single ip
> > address using ipchains?    If this is possible using iptables, but not
> > ipchains, I would upgrade the server to resolve this problem which seems
> > to be happening several time per week.
> >
> > Thanks! -Neil
> >
> >
> >
> >
> >                                ===================
> >                         Neil Sandow, Pharm.D. rx at rxlist.com
> >                      http://rxlist.com - The Internet Drug Index
> >
> >
> > _______________________________________________
> > LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
> > Send requests to lvs-users-request at LinuxVirtualServer.org
> > or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>
>
> --
> Regards,
>
> Malcolm Turnbull.
> Crocus.co.uk Ltd
> 01344 629661
> 07715 770523
>
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
> Send requests to lvs-users-request at LinuxVirtualServer.org
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>



More information about the lvs-users mailing list