Limit connections per IP
Limit connections per IP
Hi,
I have a VestaCP on Ubuntu. I am trying to achieve some sort of DOS protection. Before VestaCP, I've managed to do that with iptables and/or ufw. The problem now is that none of them work.
Here's what I do:
1. /sbin/iptables -A INPUT -p tcp --syn --dport 443 -m connlimit --connlimit-above 50 -j REJECT
2. from another IP, I run ab -n 2700 -c 100 -k -H "Accept-Encoding: gzip, deflate" https://www.mydomain.tld/
Everything is down in seconds.
Can someone please tell me how can I achieve at least a minimum, decent DOS protection?
Cheers,
Bob
I have a VestaCP on Ubuntu. I am trying to achieve some sort of DOS protection. Before VestaCP, I've managed to do that with iptables and/or ufw. The problem now is that none of them work.
Here's what I do:
1. /sbin/iptables -A INPUT -p tcp --syn --dport 443 -m connlimit --connlimit-above 50 -j REJECT
2. from another IP, I run ab -n 2700 -c 100 -k -H "Accept-Encoding: gzip, deflate" https://www.mydomain.tld/
Everything is down in seconds.
Can someone please tell me how can I achieve at least a minimum, decent DOS protection?
Cheers,
Bob
Re: Limit connections per IP
It will depend of how many conection you get per second
You can try with nginx will work very fine to 1000req/s or something more, also depends of your server capacity or your network
If not is a big DDOS and just some DOS, try with nginx rate limit module, you can limite conextions per IP in easy way
If you have VZ vps you will have problems with some iptables modules.
You can try with nginx will work very fine to 1000req/s or something more, also depends of your server capacity or your network
If not is a big DDOS and just some DOS, try with nginx rate limit module, you can limite conextions per IP in easy way
If you have VZ vps you will have problems with some iptables modules.
Re: Limit connections per IP
VestaCP works well with Cloudflare which will protect you for free on general attack such as basic dos