Quote:
this is more useful to restrict ssh access...
For a webserver, it is quite annoying.
Some webservers, such as the Hiawatha webserver, actually have these options built in (the ConnectionsTotal, ConnectionsPerIP, BanOnFlooding and BanOnMaxPerIP options).
In the pf.conf for this forum I have:
Quote:
source-track max-src-conn 50 max-src-conn-rate 200/10
For a time I monitored the overload table I used, to see how often this limit was reached: almost never, and when it was reached it was almost always by a bot, either a legitimate bot (e.g. Google) or a bot of unclear origin and doubtful legitimacy.
I solved the problem by making a table with known bot addresses (taken from iplists.com), which is exempted from this rule.
Why use max-src-conn and max-src-conn-rate? They prevent (D)DoS attacks.
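The setup described in the post above, written out as a complete pf.conf fragment. This is an added example, not the poster's actual ruleset: the interface name (em0), the table names (<trusted_bots>, <overload>) and the file holding the exempt bot addresses (/etc/pf/trusted_bots) are assumptions. Inside the state-option parentheses pf.conf requires the options to be comma-separated, so the fragment quoted in the post is spelled out in that form here.

```pf
# Added example pf.conf fragment (not the poster's ruleset). Assumed names:
# interface em0, tables <trusted_bots> and <overload>, and the file
# /etc/pf/trusted_bots holding the exempt bot addresses, one per line.
ext_if    = "em0"
web_ports = "{ 80, 443 }"

# Exempt addresses (e.g. known crawler ranges) loaded from a file; "persist"
# keeps the table around even when no rule currently references it.
table <trusted_bots> persist file "/etc/pf/trusted_bots"

# Hosts that tripped the limits are added here by the overload option below.
table <overload> persist

# Drop everything from hosts already in the overload table.
block in quick on $ext_if from <overload> to any

# Known bots skip the limits: this rule is evaluated first and "quick"
# stops rule evaluation, so the limited rule below never sees them.
pass in quick on $ext_if proto tcp from <trusted_bots> to ($ext_if) \
    port $web_ports flags S/SA keep state

# Everyone else: at most 50 concurrent states per source address and at most
# 200 new connections per 10 seconds. A source that exceeds either limit is
# added to <overload> and all of its existing states are killed
# ("flush global"), so the offender is cut off immediately.
pass in on $ext_if proto tcp from any to ($ext_if) port $web_ports \
    flags S/SA keep state \
    (source-track rule, max-src-conn 50, max-src-conn-rate 200/10, \
     overload <overload> flush global)
```

Load it with `pfctl -f /etc/pf.conf` and watch who trips the limit with `pfctl -t overload -T show`. Entries added by overload never expire on their own; a periodic `pfctl -t overload -T expire 3600` (for example from cron) removes addresses that have been in the table longer than an hour, so a one-off burst does not ban a host forever. Two caveats worth keeping in mind: these limits only apply to TCP connections that create state (hence `flags S/SA keep state`), so they do nothing against UDP or spoofed floods, and many clients behind one large NAT share a single source address and can collectively trip the 50-connection limit even though none of them is misbehaving.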