14th July 2009
jggimi

Quote:
Originally Posted by chazz
...The third and fourth rules would be needed if the webserver does a CURL/wget however, correct?
Not by my understanding; I believe cURL or wget still act like standard web clients, so the server should see normal http/https requests, with nothing originated by the web server. The only reason pass rules 3/4 would be involved would be if the webserver initiated contact to a remote address, and used outgoing port #80. I can't see either happening with normal web applications.
Quote:
I also have max-src-conn-rate on FTP. What would be a proper limit, do you think? I have 32/4 for mine.
"Proper" depends on what's proper for your various servers. I use 3/30 for my ftpd server, which is in the opposite direction of what you've configured, which is allowing 32 connections every 4 seconds. Remember, the syntax is <number> / <seconds>.
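Added example (not part of the posts above, and not PF code): a simplified trailing-window model of a `<number> / <seconds>` limit, comparing the two values discussed in the thread, 32/4 and 3/30. The function names and connection timestamps are constructed for illustration, and PF's own internal rate accounting may differ from this model.

```python
from collections import deque


def parse_rate(spec):
    """Split a '<number>/<seconds>' spec such as '3/30' into two ints."""
    number, seconds = spec.split("/")
    return int(number), int(seconds)


def first_trip(timestamps, limit, seconds):
    """Return the 1-based index of the first new connection that pushes one
    source above `limit` connections inside the trailing `seconds` window,
    or None if the limit is never exceeded (simplified model)."""
    window = deque()
    for index, now in enumerate(timestamps, start=1):
        window.append(now)
        # Forget connections that have aged out of the trailing window.
        while window[0] <= now - seconds:
            window.popleft()
        if len(window) > limit:
            return index
    return None


def evaluate(spec, timestamps):
    """Apply a '<number>/<seconds>' spec to one source's connection times."""
    limit, seconds = parse_rate(spec)
    return first_trip(timestamps, limit, seconds)


# Constructed sample data: connection start times, in seconds, for one source.
STEADY_CLIENT = [float(s) for s in range(120)]   # 1 connection/second, 2 minutes
BURST_CLIENT = [i * 0.025 for i in range(40)]    # 40 connections inside 1 second

if __name__ == "__main__":
    for spec in ("32/4", "3/30"):
        number, seconds = parse_rate(spec)
        print(f"{spec}: up to {number * 60 / seconds:.0f} new connections "
              f"per minute per source")
        for name, sample in (("steady", STEADY_CLIENT), ("burst", BURST_CLIENT)):
            print(f"  {name}: first connection over the limit = "
                  f"{evaluate(spec, sample)}")
```

In this model a source opening one connection per second for two minutes never exceeds 32/4, while 3/30 is exceeded on its fourth connection.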