Re: Source IP rate limiting

From: Baptiste <bedis9#gmail.com>
Date: Thu, 10 Nov 2011 13:56:18 +0100


On Thu, Nov 10, 2011 at 12:48 PM, Alex Davies <alex#davz.net> wrote:
> Hi,
> I am interested in rate limiting connections from users to stop small DOS
> 'attacks' from individual users.
> I see the excellent post at http://blog.serverfault.com/post/1016491873/ and
> have followed this in a test environment.
> I have the following questions:
> * What is the best way to monitor the # of connections that are being
> rejected as a result of this from the log? The socat example in that post
> seems - to me - to show the number of IPs in the relevant tables as opposed
> to the number of connections that are being rejected. Is it possible also to
> know which 'reject' the request is blocked by (from the example post there
> are 2)?
> * Is it possible to 'hash' on a specific cookie value (I'm thinking
> PHPSESSID) as well as IP, i.e. if connections for any given PHPSESSID value
> reach x per minute, block?
> Many thanks,
> Alex
> --
> Alex Davies
>

Hi,

You can know the number of rejected requests through the logs.

You can use a str stick table and store the PHPSESSID in it.

And you can capture the cookie value in the logs as well to know how many requests have been rejected.

cheers
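
Added example, not part of the original thread and not from the HAProxy project: one way to count rejected requests per source IP and per captured PHPSESSID from the logs, as the reply suggests. It assumes the frontend logs in HAProxy's HTTP log format with the PHPSESSID request cookie captured, and that rejected requests appear with a termination state beginning with "PR" (request blocked by the proxy); the log lines, host names and session values are constructed.

```python
import re
from collections import Counter

# Field layout of an HAProxy HTTP-format log line, up to the termination state.
LINE_RE = re.compile(
    r'haproxy\[\d+\]: (?P<ip>[0-9a-fA-F.:]+):(?P<port>\d+) '
    r'\[(?P<date>[^\]]+)\] (?P<frontend>\S+) (?P<backend>\S+) '
    r'(?P<timers>\S+) (?P<status>-?\d+) (?P<bytes>\+?\d+) '
    r'(?P<req_cookie>\S+) (?P<res_cookie>\S+) (?P<term>\S{4}) '
)

# Constructed sample input (assumption: not taken from the thread).
SAMPLE_LOG = """\
Nov 10 13:50:01 lb1 haproxy[2101]: 192.0.2.10:40112 [10/Nov/2011:13:50:01.120] www www/<NOSRV> 0/-1/-1/-1/0 403 188 PHPSESSID=aaa111 - PR-- 3/3/0/0/0 0/0 "GET /index.php HTTP/1.1"
Nov 10 13:50:01 lb1 haproxy[2101]: 192.0.2.10:40113 [10/Nov/2011:13:50:01.340] www www/<NOSRV> 0/-1/-1/-1/0 403 188 PHPSESSID=aaa111 - PR-- 3/3/0/0/0 0/0 "GET /index.php HTTP/1.1"
Nov 10 13:50:02 lb1 haproxy[2101]: 192.0.2.10:40114 [10/Nov/2011:13:50:02.010] www www/<NOSRV> 0/-1/-1/-1/0 403 188 - - PR-- 3/3/0/0/0 0/0 "GET / HTTP/1.1"
Nov 10 13:50:03 lb1 haproxy[2101]: 198.51.100.7:51200 [10/Nov/2011:13:50:03.500] www www/<NOSRV> 0/-1/-1/-1/0 403 188 PHPSESSID=bbb222 - PR-- 2/2/0/0/0 0/0 "POST /login.php HTTP/1.1"
Nov 10 13:50:04 lb1 haproxy[2101]: 192.0.2.10:40115 [10/Nov/2011:13:50:04.000] www www/web1 5/0/1/20/26 200 5120 PHPSESSID=aaa111 - ---- 3/3/1/1/0 0/0 "GET /index.php HTTP/1.1"
Nov 10 13:50:05 lb1 sshd[900]: unrelated syslog line
"""


def count_rejections(lines):
    """Return (per-IP, per-session) counters of proxy-blocked requests."""
    by_ip, by_session = Counter(), Counter()
    for line in lines:
        m = LINE_RE.search(line)
        # Skip non-HAProxy lines and requests that were not blocked.
        if not m or not m.group("term").startswith("PR"):
            continue
        by_ip[m.group("ip")] += 1
        cookie = m.group("req_cookie")  # "name=value", or "-" if absent
        if cookie != "-":
            _, _, value = cookie.partition("=")
            by_session[value] += 1
    return by_ip, by_session


if __name__ == "__main__":
    ips, sessions = count_rejections(SAMPLE_LOG.splitlines())
    for ip, n in ips.most_common():
        print(f"{ip}\t{n} rejected")
    for sid, n in sessions.most_common():
        print(f"PHPSESSID={sid}\t{n} rejected")
```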