LinuxQuestions.org


newhost 03-09-2003 08:36 AM

Limits on certain ip connections.
 
Hi

When we do a netstat -an, I notice that sometimes certain IPs are logged onto our server up to 20 - 50 or more times each.

My question would be: can we restrict the number of times certain IPs can be using a process or logged onto our server?

I have looked at the /etc/security/limits.conf file, and would an IP work in there with this?


123.456.789 hard nproc 10

Or should we be setting this elsewhere?

Running Redhat 7.3 apache server.

Thank you.
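
The per-IP counts described in this question can be pulled straight out of `netstat -an` output. The script below is an added example, not part of the original thread; the function names `conns_per_ip` and `sample_netstat`, the port and threshold arguments, and the sample addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: per-remote-IP connection counts from `netstat -an` output.

# Usage: netstat -an | conns_per_ip [PORT] [THRESHOLD]
# Prints "TOTAL ESTABLISHED IP" for every remote IP with at least THRESHOLD
# TCP connections to local PORT, busiest first.
conns_per_ip() {
    awk -v port="${1:-80}" -v min="${2:-20}" '
        $1 !~ /^tcp/   { next }    # skip headers, UDP and UNIX sockets
        $6 == "LISTEN" { next }    # listening sockets have no peer
        {
            laddr = $4; raddr = $5
            sub(/^.*:/, "", laddr)         # keep only the local port
            if (laddr + 0 != port + 0) next
            sub(/:[0-9]+$/, "", raddr)     # drop the remote port
            sub(/^::ffff:/, "", raddr)     # unwrap IPv4-mapped IPv6
            total[raddr]++
            if ($6 == "ESTABLISHED") est[raddr]++
        }
        END {
            for (ip in total)
                if (total[ip] >= min) print total[ip], est[ip] + 0, ip
        }
    ' | sort -k1,1nr -k3,3
}

# Constructed sample in Linux `netstat -an` layout (documentation addresses).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51001      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51002      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51003      TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.9:40000       ESTABLISHED
tcp        0      0 192.0.2.10:22           198.51.100.7:51010      ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.9:40001 ESTABLISHED
udp        0      0 0.0.0.0:53              0.0.0.0:*
EOF
}

# Demo: hosts with 2 or more connections to port 80 in the sample.
sample_netstat | conns_per_ip 80 2
```

The separate ESTABLISHED column shows whether a high count is live connections or mostly sockets lingering in states such as TIME_WAIT.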

AltF4 03-09-2003 11:45 AM

check httpd.conf:

MaxKeepAliveRequests directive
Syntax: MaxKeepAliveRequests number
Default: MaxKeepAliveRequests 100
Context: server config
Status: core
Compatibility: Only available in Apache 1.2 and later.

The MaxKeepAliveRequests directive limits the number of requests allowed per connection when KeepAlive is on. If it is set to "0", unlimited requests will be allowed. We recommend that this setting be kept to a high value for maximum server performance. In Apache 1.1, this is controlled through an option to the KeepAlive directive.

For example

MaxKeepAliveRequests 500

unSpawn 03-09-2003 11:51 AM

..next to that, if you run Apache in standalone mode, and want more (finegrained) control, you could look for mod_limitipconn, mod_bandwidth, mod_throttle or mod_bandwidthshare. If for some odd reason you run it through Xinetd, xinetd can do its own throttling/limiting. Also Iptables, if you would want to use it for that, can do limiting through the iplimit module.

What you definitely do not want is the stuff under /etc/security, cuz that's PAM related, and mostly has to do with restrictions for local users like (u)limiting, time/remote host limits etc etc.

newhost 03-09-2003 03:56 PM

Thank you for the quick answers. OK, my httpd.conf

We have about 250 websites on this server, with a few heavy users but mostly low to moderate users.

I did some testing and noticed that after I put the IPs that kept showing up over 20 times each into my security limits.conf file, the loads on the server reduced dramatically. I did further testing and removed those IPs and then set the httpd.conf file to "Keep alive On".

The loads on the server shot up to 6 - 12 times what they had been running at.

I have been setting those IPs in limits.conf for the previous 24 hours, with no complaints of users having any connection problems.

unSpawn, I will have a look at mod_limitipconn and see if that can work better than my current setup.

Thank you.



#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive Off

#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 250

#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 15

Obviously it's turned off.


All times are GMT -5.