Re: Limiting simultaneous requests from a single ip

To:	<malcolm.turnbull@xxxxxxxxxxxx>, <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject:	Re: Limiting simultaneous requests from a single ip
From:	Andres Tello Abrego <criptos@xxxxxxxxxx>
Date:	Tue, 6 May 2003 16:51:52 -0500 (CDT)

As far I know, limit can work with -d flag..


On Wed, 7 May 2003, Malcolm Turnbull wrote:

> Neil,
>
> I've had this problem too.. caused by bastard proxies that spool
> thousands of connections.
>
> iptables limit will only work if you specify the source ip address.
>
> their is however an addon module for netfilter called iplimit which will
> limit connections from ANY source ip address, i.e. it has its own state
> table.
>
> I haven't tested it yet though.
>
>
> Neil Sandow wrote:
> > I'm running an LVS (ipvsadm v1.11 2000/06/16 (compiled with popt and IPVS
> > v0.9.14)) on a Mandrake system (Linux version 2.2.17-21mdksecure ) With 7
> > realservers behind it.  It's been running for > 2 years and balances the
> > load quite nicely.
> >
> > Occassionaly I get a ton of requests from a single ip address that can
> > really bog things down.  This AM I had > 2500 requests within a 7 minute
> > period for a page that has lots of ssi's running cgi's.   The cpu load on
> > ALL realservers skyrocketed and effectively blocked access to the site for
> > about 5-10 minutes.
> >
> > Is there a way to limit the number of active connections to a single ip
> > address using ipchains?    If this is possible using iptables, but not
> > ipchains, I would upgrade the server to resolve this problem which seems
> > to be happening several time per week.
> >
> > Thanks! -Neil
> >
> >
> >
> >
> >                                ===================
> >                         Neil Sandow, Pharm.D. rx@xxxxxxxxxx
> >                      http://rxlist.com - The Internet Drug Index
> >
> >
> > _______________________________________________
> > LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> > or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>
>
> --
> Regards,
>
> Malcolm Turnbull.
> Crocus.co.uk Ltd
> 01344 629661
> 07715 770523
>
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>

<Prev in Thread]	Current Thread	[Next in Thread>
Limiting simultaneous requests from a single ip, Neil Sandow Re: Limiting simultaneous requests from a single ip, Joseph Mack Re: Limiting simultaneous requests from a single ip, Andres Tello Abrego Re: Limiting simultaneous requests from a single ip, Malcolm Turnbull Re: Limiting simultaneous requests from a single ip, Andres Tello Abrego <= Re: Limiting simultaneous requests from a single ip, Malcolm Turnbull

Previous by Date:	Linux kernel small forwarding perf (was: RE: Small packets handling : LVS-DR vs LVS-NAT), Alexandre Cassen
Next by Date:	question regarding DR and uploads, Paul Nowoczynski
Previous by Thread:	Re: Limiting simultaneous requests from a single ip, Malcolm Turnbull
Next by Thread:	Re: Limiting simultaneous requests from a single ip, Malcolm Turnbull
Indexes:	[Date] [Thread] [Top] [All Lists]