Neil,
I've had this problem too, caused by bastard proxies that spool
thousands of connections.
iptables limit will only work if you specify the source ip address.
there is however an addon module for netfilter called iplimit which will
limit connections from ANY source ip address, i.e. it has its own state
table.
I haven't tested it yet though.
Neil Sandow wrote:
I'm running an LVS (ipvsadm v1.11 2000/06/16 (compiled with popt and IPVS
v0.9.14)) on a Mandrake system (Linux version 2.2.17-21mdksecure) with 7
realservers behind it. It's been running for > 2 years and balances the
load quite nicely.
Occasionally I get a ton of requests from a single ip address that can
really bog things down. This AM I had > 2500 requests within a 7 minute
period for a page that has lots of ssi's running cgi's. The cpu load on
ALL realservers skyrocketed and effectively blocked access to the site for
about 5-10 minutes.
Is there a way to limit the number of active connections to a single ip
address using ipchains? If this is possible using iptables, but not
ipchains, I would upgrade the server to resolve this problem which seems
to be happening several times per week.
Thanks! -Neil
===================
Neil Sandow, Pharm.D. rx@xxxxxxxxxx
http://rxlist.com - The Internet Drug Index
_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users
--
Regards,
Malcolm Turnbull.
Crocus.co.uk Ltd
01344 629661
07715 770523
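A toy model of the distinction drawn above, as an added example that is not code from this thread or from netfilter: a single token bucket shared by every source (what the `limit` match gives you without a source address) next to a per-source state table of open connections (the iplimit idea), with a prefix-length mask like iplimit's mask option. The addresses and the connection trace are constructed for the demo.

```python
# Added example, not from the thread: two ways of throttling connections.
# `global_rate_limit` mimics the `limit` match (one bucket for the rule);
# `per_source_limit` mimics iplimit keeping its own table of open
# connections per source, optionally grouped by a prefix mask.
from collections import defaultdict

def global_rate_limit(events, per_second, burst):
    """Token bucket shared by all sources; returns (ip, verdict) per open."""
    tokens, last, verdicts = float(burst), 0.0, []
    for t, ip, kind in events:
        if kind != "open":
            continue
        tokens = min(burst, tokens + (t - last) * per_second)
        last = t
        ok = tokens >= 1
        tokens -= 1 if ok else 0
        verdicts.append((ip, "ACCEPT" if ok else "DROP"))
    return verdicts

def ip_prefix(ip, bits):
    """Integer form of a dotted IPv4 address masked to its first `bits` bits."""
    n = 0
    for octet in ip.split("."):
        n = (n << 8) | int(octet)
    return n & ((0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF)

def per_source_limit(events, above, mask_bits=32):
    """Drop a new connection once its source already has `above` open ones."""
    active, verdicts = defaultdict(int), []
    for t, ip, kind in events:
        k = ip_prefix(ip, mask_bits)
        if kind == "close":
            active[k] = max(0, active[k] - 1)
        elif active[k] >= above:
            verdicts.append((ip, "DROP"))
        else:
            active[k] += 1
            verdicts.append((ip, "ACCEPT"))
    return verdicts

# Constructed trace: a proxy-like source holds six connections open while an
# ordinary client makes two short requests; then a neighbour of the proxy opens one.
SAMPLE_EVENTS = [(0.0, "10.0.0.5", "open")] * 6 + [
    (0.1, "192.0.2.10", "open"), (0.2, "192.0.2.10", "close"),
    (0.3, "192.0.2.10", "open"), (0.4, "10.0.0.6", "open"),
]

if __name__ == "__main__":
    print(global_rate_limit(SAMPLE_EVENTS, per_second=1, burst=5))
    print(per_source_limit(SAMPLE_EVENTS, above=3))
    print(per_source_limit(SAMPLE_EVENTS, above=3, mask_bits=24))
```

With the shared bucket the proxy drains the tokens and the innocent client is dropped too; the per-source table drops only the proxy's fourth connection onwards, and the /24 mask additionally catches its neighbour.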