Date: Tue, 31 May 2016 20:30:15 +0100
From: Will Squire <will_squire@hotmail.co.uk>
To: Shane Ambler <FreeBSD@ShaneWare.Biz>
Cc: freebsd-questions@freebsd.org
Subject: Re: Can ipfw be used to limit concurrent requests from an IP?
Message-ID: <BLU436-SMTP26047098CA1D084B38B4318DA460@phx.gbl>
In-Reply-To: <574AEC8B.5080701@ShaneWare.Biz>
References: <BLU436-SMTP926330783884990F4A0231DA420@phx.gbl> <574AEC8B.5080701@ShaneWare.Biz>

> On 29 May 2016, at 14:20, Shane Ambler <FreeBSD@ShaneWare.Biz> wrote:
>
> On 28/05/2016 05:04, Will Squire wrote:
>> Can ipfw limit the number of requests in a given amount of time from a
>> specific IP?
>>
>> To contextualise, if an IP sends requests in high concurrency (let's
>> say 50 a second) can ipfw either block requests that exceed a
>> threshold for that second (let's say the threshold is 20, 30 would be
>> blocked), or ban/deny the given IP for exceeding a threshold?
>>
>> The aim is to lessen strain under DoS attacks, specifically for HTTP.
>> The system is using Apache and mod_evasive has been added and tested,
>> but it is not functioning correctly.
>>
>> (P.S. The freebsd-ipfw list seems to be for development of the
>> technology only, so asking this here. Please let me know if this
>> isn't the case)
>
> You might want to look at sshguard
>
> http://www.freshports.org/security/sshguard-ipfw/
>
> http://www.sshguard.net/

Thanks Shane. Do you have any examples of how to implement
this with Apache? Already have SSHGuard installed, so would be
ideal if I can extend the functionality to the Apache service.

Did a bit of googling on this before, but didn't find any
standard instructions (simple ones for simple minds) between
different sources and think perhaps I've missed something? I didn't
add the rule `ipfw add deny all from 'table(22)' to any` that the
port's description specified because I read somewhere else
it wasn't necessary… And it also differed to this example
documentation for ipfw (which I found confusing):
http://www.sshguard.net/docs/setup/

So, I'm thinking I either need to add the following to `/etc/rc.conf`:

`sshguard_watch_logs="/var/log/auth.log:/var/log/maillog:/var/log/httpd-access.log"`

to get SSHGuard to poll the Apache log file, or I can pipe the
Apache logs directly into SSHGuard like the syslogd example
(but I'm not sure how to do this one, or which one is best)? And do
I need to go back and set up some ipfw rules for SSHGuard to
work properly?

Thank you

> --
> FreeBSD - the place to B...Software Developing
>
> Shane Ambler
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

Kind regards,
Will Squire