Quote:
Originally Posted by chazz
...The third and fourth rules would be needed if the webserver does a CURL/wget however, correct?
|
Not by my understanding; I believe cURL or wget still act like standard web clients, so the server should see normal http/https requests, with nothing originated by the web server. The only reason pass rules 3/4 would be involved would be if the webserver
initiated contact to a remote address, and used outgoing port #80. I can't see either happening with normal web applications.
Quote:
I also have max-src-conn-rate on FTP, what would be a proper limit do you think, i have 32/4 for mine
|
"Proper" depends on what's proper for your various servers. I use 3/30 for my ftpd server, which is in the opposite direction of what you've configured, which is allowing 32 connections every 4 seconds.
Remember, the syntax is <number> / <seconds>.