Date:      Tue, 31 May 2016 20:30:15 +0100
From:      Will Squire <will_squire@hotmail.co.uk>
To:        Shane Ambler <FreeBSD@ShaneWare.Biz>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Can ipfw be used to limit concurrent requests from an IP?
Message-ID:  <BLU436-SMTP26047098CA1D084B38B4318DA460@phx.gbl>
In-Reply-To: <574AEC8B.5080701@ShaneWare.Biz>
References:  <BLU436-SMTP926330783884990F4A0231DA420@phx.gbl> <574AEC8B.5080701@ShaneWare.Biz>


> On 29 May 2016, at 14:20, Shane Ambler <FreeBSD@ShaneWare.Biz> wrote:
> 
> On 28/05/2016 05:04, Will Squire wrote:
>> Can ipfw limit the number of requests in a given amount of time from a
>> specific IP?
>> 
>> To contextualise, if an IP sends requests in high concurrency (let's
>> say 50 a second) can ipfw either block requests that exceed a
>> threshold for that second (let's say the threshold is 20, 30 would be
>> blocked), or ban/deny the given IP for exceeding a threshold?
>> 
>> The aim is to lessen strain under DoS attacks, specifically for HTTP.
>> The system is using Apache and mod_evasive has been added and tested,
>> but it is not functioning correctly.
>> 
>> (P.S. The freebsd-ipfw list seems to be for development of the
>> technology only, so asking this here. Please let me know if this
>> isn’t the case)
> 
> You might want to look at sshguard
> 
> http://www.freshports.org/security/sshguard-ipfw/
> 
> http://www.sshguard.net/

Thanks Shane. Do you have any examples of how to implement 
this with Apache? Already have SSHGuard installed, so would
be ideal if I can extend the functionality to the Apache service.

Did a bit of googling on this before, but didn't find any 
standard instructions (simple ones for simple minds) between 
different sources and think perhaps I’ve missed something? I didn’t 
add the rule `ipfw add deny all from 'table(22)' to any` that the 
port’s description specified because I read somewhere else 
it wasn’t necessary…

And it also differed to this example documentation for ipfw (which I 
found confusing):
http://www.sshguard.net/docs/setup/

So, I’m thinking I either need to add the following to `/etc/rc.conf`:
`sshguard_watch_logs="/var/log/auth.log:/var/log/maillog:/var/log/httpd-access.log"`
to get SSHGuard to poll the Apache log file, or I can pipe the 
Apache logs directly into SSHGuard like the syslogd example 
(but I’m not sure how to do this one, or which one is best)? And do 
I need to go back and set up some ipfw rules for SSHGuard to 
work properly?

Thank you

> 
> -- 
> FreeBSD - the place to B...Software Developing
> 
> Shane Ambler
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

Kind regards,
Will Squire
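
The per-second, per-IP threshold described in the question (50 requests in one second against a threshold of 20), as an added example that is not part of the original e-mail or of SSHGuard. It assumes Apache's common or combined log format; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report clients whose peak requests-per-second in an
# Apache access log exceeds a threshold. Function names are hypothetical.

# over_threshold LIMIT: reads access-log lines on stdin and prints
# "IP PEAK" for every client that made more than LIMIT requests in any
# single second (assumes common/combined log format).
over_threshold() {
    awk -v limit="${1:-20}" '
        {
            # $1 = client IP, $4 = "[31/May/2016:20:30:15" (1-second resolution)
            n = ++hits[$1, $4]
            if (n > peak[$1]) peak[$1] = n
        }
        END {
            for (ip in peak)
                if (peak[ip] > limit) print ip, peak[ip]
        }
    ' | sort
}

# Constructed sample input: three clients with different request patterns.
sample_log() {
    i=0
    while [ "$i" -lt 50 ]; do   # burst: 50 requests inside one second
        echo '203.0.113.9 - - [31/May/2016:20:30:15 +0100] "GET / HTTP/1.1" 200 512'
        i=$((i + 1))
    done
    i=0
    while [ "$i" -lt 20 ]; do   # exactly 20 in one second: at, not over, the limit
        echo '198.51.100.7 - - [31/May/2016:20:30:16 +0100] "GET / HTTP/1.1" 200 512'
        i=$((i + 1))
    done
    i=0
    while [ "$i" -lt 25 ]; do   # 25 requests spread over 25 seconds: steady client
        printf '192.0.2.4 - - [31/May/2016:20:31:%02d +0100] "GET / HTTP/1.1" 200 512\n' "$i"
        i=$((i + 1))
    done
}

# Run on the sample; against a live system the input would instead be
# redirected from /var/log/httpd-access.log (the path given in the e-mail).
sample_log | over_threshold 20
```

Only the bursting client is reported; the one sitting exactly at the threshold and the steady one are not.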


