Re: Dynamic firewall based on bandwidth usage ?



Thank you for all the responses.

For the quota options, I saw it but redhat 4 is using an older version
of iptables, that's why I ask here, just to have inputs from specialists.

Thanks again !


FM wrote:
Hello,
I have a common problem but cannot find a solution.

My setup :
all servers are Redhat Enterprise 4
CISCO PIX in front of an HTTP load balancer/failover (called a
director in the L.V.S. jargon) that sends requests to 4 web servers
(cluster setup based on Linux Virtual Server included in redhat
cluster suite).

Now my prob :-)

From time to time users download our site and block all http
connections, and worse, use all our bandwidth. So I have to block (or
redirect) those network abusers after a download limit (for ex : 1Gb
per day) for let's say 1 day.

Because of the director, I cannot use the apache2 mod_cband.

My first thought is to look at the iptables on the director but I
cannot find any information about that kind of setup.

Do you know if it is possible using built-in Linux tools (iptables?).

If not, do you know some hardware appliance that could do that ?

Thanks !
