Limit connection to httpd per ip.

[Bidi]

Hello guys i was looking for this for 1 or 2 weeks i didnt fiind any solutions.

I got a problem with this

tcp 0 0 s1.hzone.ro:http 109.102.191.82:63121 SYN_RECV
tcp 0 0 s1.hzone.ro:http 109.102.191.82:64673 SYN_RECV

And it makes from same ip difrent port like 500 connections till csf bans it.

How can i limit this tipes of connections to http / ip

Like this user ip 109.102.191.82 if he make more then 10 connections to http to give hem blank page or not to work ?

I tryed even with iptables ... but ussles.

 

[quietFinn]

Have you tried CONNLIMIT in CSF?

 

[Bidi]

Yes and is ussles......

 

[quizknows]

Try using modsecurity to limit number of read states per IP.

(Updated) ModSecurity Advanced Topic of the Week: Mitigating Slow HTTP DoS Attacks - SpiderLabs Anterior

https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-SecReadStateLimit

 

[Bidi]

Try using modsecurity to limit number of read states per IP.

(Updated) ModSecurity Advanced Topic of the Week: Mitigating Slow HTTP DoS Attacks - SpiderLabs Anterior

https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-SecReadStateLimit

To be onest i dont know how to use it

 

[quizknows]

If you have ModSecurity selected in EasyApache, then you would just have to add this line to /usr/local/apache/conf/modsec2.user.conf

SecReadStateLimit 25

You would have to restart apache for the setting to be active. This is just an example, you could try anywhere from 5 to 50. This example setting would limit each connecting IP to 25 simulatneous READ connections to the Apache server.

I say this setting instead of SecConnReadStateLimit because the newest modsec build in EA is 2.7.5 which still uses SecReadStateLimit.

 

[ravi9]

You can also use (D)DoS Deflate - deflate.medialayer.com plugin.
With default configuration, IP will get blocked for 1 minutes after 150+ connections.

 

[Bidi]

Ravi i will try it, sorry guys for not answearing but my father has died in december and since then my mom she's loosing hear mind.

 

[xbaha]

If you have ModSecurity selected in EasyApache, then you would just have to add this line to /usr/local/apache/conf/modsec2.user.conf

SecReadStateLimit 25

You would have to restart apache for the setting to be active. This is just an example, you could try anywhere from 5 to 50. This example setting would limit each connecting IP to 25 simulatneous READ connections to the Apache server.

I say this setting instead of SecConnReadStateLimit because the newest modsec build in EA is 2.7.5 which still uses SecReadStateLimit.

hi,
sorry to jump in a year later, hope you still around...
i was looking for such a solutions also, but i only want it to limit concurrent HTTP POST requests per ip per seconds, (if HTTP GET, then allow unlimited sim connections). is there away to do that?

thanks.

 

[quizknows]

I'm not aware of a way to restrict the SecReadStateLimit to certain request methods, but I'll take a look at it.