Code:
root@system:/home/systemadmin/Temp/mod/mod_limitipconn-0.22# ls
ChangeLog  INSTALL  Makefile  README  apachesrc.diff  mod_limitipconn.c
root@system:/home/systemadmin/Temp/mod/mod_limitipconn-0.22# make install
apxs -c mod_limitipconn.c
make: apxs: Command not found
make: *** [mod_limitipconn.so] Error 127
root@system:/home/systemadmin/Temp/mod/mod_limitipconn-0.22#

I run a small video site and members have been downloading multiple files from my Apache server at once. I need to limit them to one or two connections per IP so that they won't be able to flood my server and bring the site to its knees. mod_limitipconn.c seems like the mod I need, but I was wondering if there is an alternative or another approach to solving this problem.
According to http://www.experts-exchange.com/Security/Operating_Systems_Security/Linux/Q_21416469.html you can also do this with iptables.
I am unable to view the solution on Experts Exchange because I don't have a paid account. Also, I have searched the net for a similar solution and I keep hearing that you cannot set up iptables to limit connections per client. This is what's currently happening. Am I experiencing a DoS attack?

Code:
State      Recv-Q Send-Q Local Address:Port           Peer Address:Port
CLOSE-WAIT 1526   95832  ::ffff:192.168.1.110:www     ::ffff:79.80.20.81:59865
ESTAB      0      93440  ::ffff:192.168.1.110:www     ::ffff:71.92.68.47:50078
CLOSE-WAIT 1      74052  ::ffff:192.168.1.110:www     ::ffff:79.80.20.81:59970
ESTAB      0      52     ::ffff:192.168.1.110:ssh     ::ffff:192.168.1.121:1164
ESTAB      0      83576  ::ffff:192.168.1.110:www     ::ffff:193.120.116.179:57574
CLOSE-WAIT 1      82764  ::ffff:192.168.1.110:www     ::ffff:79.80.20.81:60003
CLOSE-WAIT 1      95832  ::ffff:192.168.1.110:www     ::ffff:79.80.20.81:60001
CLOSE-WAIT 1      84216  ::ffff:192.168.1.110:www     ::ffff:79.80.20.81:59931
CLOSE-WAIT 1      69696  ::ffff:192.168.1.110:www     ::ffff:79.80.20.81:59932
CLOSE-WAIT 1      92928  ::ffff:192.168.1.110:www     ::ffff:79.80.20.81:59906
CLOSE-WAIT 1      90024  ::ffff:192.168.1.110:www     ::ffff:79.80.20.81:59907
CLOSE-WAIT 1      82764  ::ffff:192.168.1.110:www     ::ffff:79.80.20.81:59967
CLOSE-WAIT 1      75504  ::ffff:192.168.1.110:www     ::ffff:79.80.20.81:59965
CLOSE-WAIT 1      68244  ::ffff:192.168.1.110:www     ::ffff:79.80.20.81:59938
CLOSE-WAIT 1      90024  ::ffff:192.168.1.110:www     ::ffff:79.80.20.81:59939
CLOSE-WAIT 1      92928  ::ffff:192.168.1.110:www     ::ffff:79.80.20.81:59940

Does this look like a sufficient policy?

Code:
iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
syn_flood  tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN
ACCEPT     icmp --  anywhere             anywhere            limit: avg 1/sec burst 1
LOG        icmp --  anywhere             anywhere            limit: avg 1/sec burst 1 LOG level warning prefix `PING-DROP:'
DROP       icmp --  anywhere             anywhere
RETURN     tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 3
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere

Chain syn_flood (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere            limit: avg 1/sec burst 3
DROP       all  --  anywhere             anywhere
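The two things this thread circles around are (a) telling from the `ss` listing whether one peer is hogging the web port and (b) the iptables approach the earlier reply points at. The script below is an added example, not code from the thread or from mod_limitipconn: it tallies connections per peer IP (and how many of them sit in CLOSE-WAIT, i.e. the remote end has closed but Apache has not yet) from the listing copied out of the post above, flags peers over a threshold, and prints, without applying, the `iptables` `connlimit` rule that caps concurrent connections per source address. It assumes the column layout shown in the post, that the kernel has the connlimit match available, and that port 80 is the port to protect; the `MaxConnPerIP` directive printed as the Apache-side alternative is the one documented in mod_limitipconn's README (shipped in the tarball listed above), so check it against that file. Note that the INPUT chain shown rate-limits SYNs globally through `syn_flood` but contains no per-source connection count at all; that is the gap the connlimit rule fills.

```shell
#!/bin/sh
# Added example (not from the thread). Helpers:
#   count_per_peer   - per peer IP: total sockets to the web port, how many are CLOSE-WAIT
#   peers_over N     - peer IPs holding more than N sockets to the web port
#   connlimit_rules N - print the iptables rule capping connections per source IP at N
#   limitipconn_config N - print the equivalent mod_limitipconn directive (check README)
# Assumes `ss` columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port.

# Sample copied from the thread's listing (IPv4-mapped addresses, service names resolved).
SS_SAMPLE='State Recv-Q Send-Q Local Address:Port Peer Address:Port
CLOSE-WAIT 1526 95832 ::ffff:192.168.1.110:www ::ffff:79.80.20.81:59865
ESTAB 0 93440 ::ffff:192.168.1.110:www ::ffff:71.92.68.47:50078
CLOSE-WAIT 1 74052 ::ffff:192.168.1.110:www ::ffff:79.80.20.81:59970
ESTAB 0 52 ::ffff:192.168.1.110:ssh ::ffff:192.168.1.121:1164
ESTAB 0 83576 ::ffff:192.168.1.110:www ::ffff:193.120.116.179:57574
CLOSE-WAIT 1 82764 ::ffff:192.168.1.110:www ::ffff:79.80.20.81:60003
CLOSE-WAIT 1 95832 ::ffff:192.168.1.110:www ::ffff:79.80.20.81:60001
CLOSE-WAIT 1 84216 ::ffff:192.168.1.110:www ::ffff:79.80.20.81:59931
CLOSE-WAIT 1 69696 ::ffff:192.168.1.110:www ::ffff:79.80.20.81:59932
CLOSE-WAIT 1 92928 ::ffff:192.168.1.110:www ::ffff:79.80.20.81:59906
CLOSE-WAIT 1 90024 ::ffff:192.168.1.110:www ::ffff:79.80.20.81:59907
CLOSE-WAIT 1 82764 ::ffff:192.168.1.110:www ::ffff:79.80.20.81:59967
CLOSE-WAIT 1 75504 ::ffff:192.168.1.110:www ::ffff:79.80.20.81:59965
CLOSE-WAIT 1 68244 ::ffff:192.168.1.110:www ::ffff:79.80.20.81:59938
CLOSE-WAIT 1 90024 ::ffff:192.168.1.110:www ::ffff:79.80.20.81:59939
CLOSE-WAIT 1 92928 ::ffff:192.168.1.110:www ::ffff:79.80.20.81:59940'

# Read ss output on stdin; print "total close_wait ip" per peer, busiest first.
# Only sockets whose local port is www/80 count; the ssh session is ignored.
count_per_peer() {
    awk '$4 ~ /:(www|80)$/ {
            ip = $5
            sub(/:[^:]+$/, "", ip)      # drop the peer port (number or service name)
            sub(/^::ffff:/, "", ip)     # unwrap IPv4-mapped IPv6 notation
            total[ip]++
            if ($1 == "CLOSE-WAIT") cw[ip]++
        }
        END { for (ip in total) print total[ip], cw[ip] + 0, ip }' | sort -k1,1nr
}

# Read ss output on stdin; print peer IPs holding more than $1 web-port sockets.
peers_over() {
    count_per_peer | awk -v max="$1" '$1 > max { print $3 }'
}

# Print the iptables rule (do not run it here) that rejects a new SYN to port 80
# once the source address already has more than $1 connections open.
connlimit_rules() {
    printf '%s\n' \
        "iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above $1 --connlimit-mask 32 -j REJECT --reject-with tcp-reset"
}

# Print the Apache-side alternative: mod_limitipconn's MaxConnPerIP directive
# (as documented in the module's README; verify against the copy in the tarball).
limitipconn_config() {
    printf '%s\n' \
        "ExtendedStatus On" \
        "<IfModule mod_limitipconn.c>" \
        "    <Location />" \
        "        MaxConnPerIP $1" \
        "    </Location>" \
        "</IfModule>"
}

# Stand-alone demo on the copied listing.
printf '%s\n' "$SS_SAMPLE" | count_per_peer
printf '%s\n' "$SS_SAMPLE" | peers_over 2
connlimit_rules 2
limitipconn_config 2
```

Feed live data with `ss -tn | count_per_peer` (with `-n` the local port shows as `:80`, which the pattern also accepts). On the copied listing one peer holds 13 of the 15 web-port sockets and every one of them is CLOSE-WAIT, which is the pattern the connlimit rule or `MaxConnPerIP` is meant to cut off at the second or third connection.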
I don't have a paid account either, but the last time I visited the page, it showed all solutions. Now it doesn't do it anymore...