Re: Block access that is too fast with iptables
From: Jem Berkes (jb_at_users.pc9.org)
Date: 03/30/04
- Previous message: Florian Reitmeir: "Re: Newbie: very basic iptables rules"
- In reply to: Vito Corleone: "Block access that is too fast with iptables"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 30 Mar 2004 14:14:43 GMT
> How do I block access from a certain IP that fetches too fast from my web
> server? My web server was attacked with thousands of requests to random
> pages in a short amount of time.
Here's something I just added yesterday to limit the rate of TCP data sent
from the http port (note that this is a total rate for all http traffic, so
add a specific -s source if you want that). Also add -o if you want the rules
to only be active on a certain external interface.
iptables -A OUTPUT -p tcp --sport 80 -m limit --limit 30/second -j ACCEPT
iptables -A OUTPUT -p tcp --sport 80 -j DROP
If the first rule doesn't accept the packets, the second one drops them.
With TCP this throttles the connection although it isn't too elegant. It
doesn't provide a very fine control, but it should do the job.
-- Jem Berkes http://www.sysdesign.ca/
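The two rules above work because `-m limit` is a token bucket: the bucket starts full (the default `--limit-burst` is 5 packets), drains one token per matched packet, and refills at the `--limit` rate; packets that find it empty fall through to the DROP rule. The following is an added example, not code from the post or from the netfilter project: a simplified integer model of that bucket, run over constructed traffic so the effect of a single shared limit can be seen. The IP addresses are documentation-range placeholders and the timings are made up.

```python
"""Model netfilter's `-m limit` token bucket and run it over a packet timeline.

Simplified model (an assumption of this example, not netfilter's exact code):
credit is measured in microseconds, one accepted packet costs 1s/rate of credit,
credit grows with wall-clock time and is capped at burst * cost.
"""


class LimitMatch:
    def __init__(self, rate_per_sec: int, burst: int = 5):
        # --limit 30/second -> each accepted packet costs 33333 us of credit
        self.cost = 1_000_000 // rate_per_sec
        # --limit-burst defaults to 5 in iptables: the bucket starts full
        self.cap = self.cost * burst
        self.credit = self.cap
        self.last_us = 0

    def matches(self, now_us: int) -> bool:
        """Return True when the packet matches (rule 1 ACCEPTs it)."""
        self.credit = min(self.cap, self.credit + (now_us - self.last_us))
        self.last_us = now_us
        if self.credit >= self.cost:
            self.credit -= self.cost
            return True
        return False  # bucket empty -> falls through to the DROP rule


def apply_rules(packets, rate=30, burst=5):
    """packets: iterable of (timestamp_us, src_ip) on the OUTPUT --sport 80 path.

    Returns {src_ip: {"ACCEPT": n, "DROP": m}}. One bucket is shared by every
    source, exactly like a rule without a -s match.
    """
    lim = LimitMatch(rate, burst)
    verdicts = {}
    for ts, src in sorted(packets):
        verdict = "ACCEPT" if lim.matches(ts) else "DROP"
        verdicts.setdefault(src, {"ACCEPT": 0, "DROP": 0})[verdict] += 1
    return verdicts


def normal_only():
    # constructed: one ordinary client, 10 packets evenly spaced over 1 second
    return [(50_000 + 100_000 * j, "198.51.100.20") for j in range(10)]


def flood_and_normal():
    # constructed: the same ordinary client plus one abusive client sending
    # 300 packets in the same second (300/s against a 30/s limit)
    flood = [(3_333 * i, "203.0.113.7") for i in range(300)]
    return flood + normal_only()


if __name__ == "__main__":
    print("normal client alone:", apply_rules(normal_only()))
    print("normal client during a flood:", apply_rules(flood_and_normal()))
```

Run alone, the ordinary client never touches the limit. During the flood the shared bucket admits only about 5 + 30 packets for the whole second, and the ordinary client loses packets along with the abuser, which is the "total rate for all http traffic" caveat in the post; a per-source `-s` rule pair is what keeps the collateral damage off legitimate clients.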