Changes between Version 6 and Version 7 of WebserverSetup


Ignore:
Timestamp:
03/24/15 11:55:38 (9 years ago)
Author:
joe
Comment:

added note re:iptables rule to slow abusive parallel downloads

Legend:

Unmodified
Added
Removed
Modified
  • WebserverSetup

    v6 v7  
    216216 
    217217As the process ID is listed, you can also use this to get information about processes that you identify as problematic via the unix `ps` or `top` commands. 
     218 
     219 
     220= Slowing Abusive Parallel Downloading = 
     221 
     222There are modules that allow you to do rate limiting within the webserver, but if you have a machine using IPTables, you can limit a given IP address to only 5 connections at once using: 
     223 
     224{{{ 
     225-A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 5 --connlimit-mask 32 -j REJECT --reject-with tcp-reset 
     226}}} 
     227 
     228You can also set limits per IP block by reducing `--connlimit-mask`.  Use `--connlimit-mask=24` for a 256 IP address block. 
     229