Limit connection to httpd per ip.

Bidi

Well-Known Member
Oct 3, 2012
100
6
68
Romania, Transilvania
cPanel Access Level
DataCenter Provider
Hello guys i was looking for this for 1 or 2 weeks i didnt fiind any solutions.

I got a problem with this

tcp 0 0 s1.hzone.ro:http 109.102.191.82:63121 SYN_RECV
tcp 0 0 s1.hzone.ro:http 109.102.191.82:64673 SYN_RECV

And it makes from same ip difrent port like 500 connections till csf bans it.

How can i limit this tipes of connections to http / ip

Like this user ip 109.102.191.82 if he make more then 10 connections to http to give hem blank page or not to work ?

I tryed even with iptables ... but ussles.
 

Bidi

Well-Known Member
Oct 3, 2012
100
6
68
Romania, Transilvania
cPanel Access Level
DataCenter Provider

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
If you have ModSecurity selected in EasyApache, then you would just have to add this line to /usr/local/apache/conf/modsec2.user.conf

SecReadStateLimit 25

You would have to restart apache for the setting to be active. This is just an example, you could try anywhere from 5 to 50. This example setting would limit each connecting IP to 25 simulatneous READ connections to the Apache server.

I say this setting instead of SecConnReadStateLimit because the newest modsec build in EA is 2.7.5 which still uses SecReadStateLimit.
 

xbaha

Member
Sep 30, 2014
14
0
1
cPanel Access Level
Root Administrator
If you have ModSecurity selected in EasyApache, then you would just have to add this line to /usr/local/apache/conf/modsec2.user.conf

SecReadStateLimit 25

You would have to restart apache for the setting to be active. This is just an example, you could try anywhere from 5 to 50. This example setting would limit each connecting IP to 25 simulatneous READ connections to the Apache server.

I say this setting instead of SecConnReadStateLimit because the newest modsec build in EA is 2.7.5 which still uses SecReadStateLimit.
hi,
sorry to jump in a year later, hope you still around...
i was looking for such a solutions also, but i only want it to limit concurrent HTTP POST requests per ip per seconds, (if HTTP GET, then allow unlimited sim connections). is there away to do that?

thanks.