HPE Community
Operating System - HP-UX
1751925 Members
5159 Online
108783 Solutions
New Discussion юеВ

how to limit a maximun of connections to a tcp port

 
SOLVED
Go to solution
likid0
Honored Contributor

тАО11-10-2009 04:02 AM

тАО11-10-2009 04:02 AM

how to limit a maximun of connections to a tcp port

I have to limit tha ammount of connections to tcp port 80, I thought about ipfilter, looking at the docs I ended up with something like this:

pass in quick proto tcp from any to any port = 80 flags S keep state (limit 10)

But when I try to apply the rule it doesn't like the limit 10 :

# ipf -Fa -f /etc/opt/ipf/ipf.conf
1: unknown words at end: [(limit 10) ]

my version of ipf:

ipf: HP IP Filter: v3.5alpha5 (A.11.23.15.01) (376)
Kernel: HP IP Filter: v3.5alpha5 (A.11.23.15.01)

any idea how to write the limit correctly ?

does someone have a better idea on how to do this?
Windows?, no thanks
0 Kudos
Reply
3 REPLIES 3
likid0
Honored Contributor

тАО11-10-2009 04:39 AM

тАО11-10-2009 04:39 AM

Re: how to limit a maximun of connections to a tcp port

I am know triying with:

block in log proto tcp from any to any port = 80
pass in log quick proto tcp from any to any port = 80 keep limit 1


but I can make as many connections as I like to apache, something must be wrong
Windows?, no thanks
0 Kudos
Reply
rick jones
Honored Contributor

тАО11-10-2009 04:21 PM

тАО11-10-2009 04:21 PM

Solution

Re: how to limit a maximun of connections to a tcp port

Perhaps Apache itself has a way to limit how many connections it will service at one time? Assuming of course, you are running Apache and your mention of TCP port 80 is meant to imply HTTP traffic.
there is no rest for the wicked yet the virtuous have no pillows
Reply
likid0
Honored Contributor

тАО11-11-2009 12:47 AM

тАО11-11-2009 12:47 AM

Re: how to limit a maximun of connections to a tcp port

Hi rick,

The problem is I have to test not only with apache also with bea weblogic frontends.

I have the ipfilter working but it doesn't do what I need, because the limit connections per IP address not in total. I am using:

pass return-rst in log limit quick proto tcp from 10.0.0.0/8 to any port = 80 keep limit 5

but this limits the maximun connections per IP from the 10.0.0.0/8 subnet to port 80 to 5 active connections.

but I need a limit of 5 connections from the hole subnet.

:**
Windows?, no thanks
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.