CT_Limit, IP blocked for too many connections

[keat63]

In CSF, i have CT_Limit configured for 400 connections.
However, i get the occasional false positive, resulting in customers being blocked in CSF for an hour.

Any ideas why a browser would use so many connections ?

I understand that this is to protect against DDOS attacks.
How many connections would normally be considered a DDOS attack ?

 

[cPanelMichael]

However, i get the occasional false positive, resulting in customers being blocked in CSF for an hour.

Hello

You may find this thread helpful:

https://forums.cpanel.net/threads/dealing-with-too-many-open-connections.386211/

Thank you.

 

[keat63]

That thread does'nt really say much, other than people having the same problem with no solution.
I've disabled the feature for the time being until i can figure out why it does this.

 

[Infopro]

Did you get an email alert about the block? What did the email tell you?

 

[keat63]

I can't remeber now, as it's been about two weeks since i disabled the feature.
Other than I recall it was a UK IP address and it had more than 400 html connections to the server.
I've seen it a few times and always dismissed it, only this time it was followed by a customer saying that they connect to my site, but after about 5 minutes the site goes down.
Of course the site didn't go down, CSF blocked them.

I'd like to reinstate the feature and maybe just increase the number of open connections before a block is triggered, but i've no clue as to how many connections would be considered acceptable.

 

[Infopro]

I use a smaller setting than what you had yours set to, if that helps. I'd leave it enabled and watch for issues a bit closer when the email comes in next time. There's a reason for it no doubt.

A long time ago I was hosting a support forum for (a separate site) homeworkers co. that were instructed (to access the work site, not on my server) to disable browser cache, and to use IE6 only. Users were getting blocked all the time when visiting the forum due to my security no matter what I did to try and resolve it (short of giving up security). We optimized the number of images in style and other related items to try sort it for example.

I didn't know about the browser requirements for the job site until weeks after many complaints about being blocked. No one thought to mention it to me. In the end they moved and life went back to normal.

Not your issue of course, but if its just one or two users getting blocked, there's probably a good reason for it.

I like to think of a valid end user getting blocked as a learning experience, for them. It can be annoying sure, but once they learn not to get blocked, they won't forget.