Quote:
Originally Posted by Carpetsmoker
Some webservers, such as the Hiawatha webserver, actually have these options built in (ConnectionsTotal, ConnectionsPerIP, BanOnFlooding, BanOnMaxPerIP options).
In the pf.conf for this forum I have:
For a time I monitored the overload table I used, to see how often this limit was reached: almost never, and when it was reached it was almost always by a bot, either a legitimate bot (i.e. Google) or a bot of unclear origin and doubtful legitimacy.
I solved the problem by making a table with known bot addresses (taken from iplists.com) which are exempted from this rule.
Why use max-src-conn and max-src-conn-rate? It prevents (D)DoS attacks.
If I understand correctly, you advise me to make a new table for bots and tell pf not to block these IPs (the bot IPs).
Am I right?
If I understand correctly, I have an abuse table too; in the abuse rule I define that PF blocks at max connections, and I think this rule will block bot IPs too.
So I tell PF not to use the abuse rule for bot IPs, and to use the abuse rule for other functions?
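
The exemption discussed in this thread, sketched as a pf.conf fragment. This is an added example, not the forum's actual ruleset; the interface macro, table names, file path and limit values are assumptions.

```conf
# Added example; names, path and limits are assumptions, not the forum's real config.
ext_if = "em0"                      # hypothetical external interface

# Known crawler addresses, one address or CIDR block per line in the file.
table <bots>  persist file "/etc/pf.bots"
# Filled automatically by the overload action in rule 3.
table <abuse> persist

# Default policy: drop inbound traffic that no later rule passes.
block in on $ext_if

# 1. Known bots: passed with "quick", so rule evaluation stops here and
#    the per-source limits in rule 3 are never applied to them.
pass in quick on $ext_if proto tcp from <bots> to any port www keep state

# 2. Sources that already exceeded the limits stay blocked.
block in quick on $ext_if from <abuse>

# 3. Everyone else: cap simultaneous connections and connection rate per
#    source address. A source that exceeds either limit is added to
#    <abuse> and its existing states are flushed.
pass in on $ext_if proto tcp from any to any port www keep state \
    (max-src-conn 100, max-src-conn-rate 15/5, overload <abuse> flush global)
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -t abuse -T show` lists the addresses the overload action has collected.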