Date: Sun, 29 May 2016 22:50:11 +0930 From: Shane Ambler <FreeBSD@ShaneWare.Biz> To: Will Squire <will_squire@hotmail.co.uk>, freebsd-questions@freebsd.org Subject: Re: Can ipfw be used to limit concurrent requests from an IP? Message-ID: <574AEC8B.5080701@ShaneWare.Biz> In-Reply-To: <BLU436-SMTP926330783884990F4A0231DA420@phx.gbl> References: <BLU436-SMTP926330783884990F4A0231DA420@phx.gbl>
next in thread | previous in thread | raw e-mail | index | archive | help
On 28/05/2016 05:04, Will Squire wrote: > Can ipfw limit the number requests in a given amount of time from a > specific IP? > > To contextualise, if an IP sends requests in high concurrency (let's > say 50 a second) can ipfw either block requests the exceed a > threshold for that second (lets say the threshold is 20, 30 would be > blocked), or ban/deny the given IP for exceeding a threshold? > > The aim is to lessen strain under DoS attacks, specifically for HTTP. > The system is using Apache and mod_evasive has been added and tested, > but it is not functioning correctly. > > (P.S. The freebsd-ipfw list seems to be for development of the > technology only, so asking this here. Please let me know if this > isn’t the case) You might want to look at sshguard http://www.freshports.org/security/sshguard-ipfw/ http://www.sshguard.net/ -- FreeBSD - the place to B...Software Developing Shane Ambler
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?574AEC8B.5080701>