A rule set like the below may help:
iptables -I INPUT -p tcp --dport 3128 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 3128 -m state --state NEW -m recent --update --seconds 60 --hitcount 30 -j DROP
This should result in new requests being dropped when more than 30 connections have been established within 60 seconds.
Nick
--
On 23 Nov 2012, at 12:22, Eliezer Croitoru <eliezer_at_ngtech.co.il> wrote:

> Hey Sekar,
>
> Basic IPTABLES setup should be able to do that for you.
> It's better to do it in IPTABLES level than doing it in the upper level of the application such as squid.
> It will allow the request to be rejected\close properly in the network level while what squid will prefer or will send error page instead of the content which I don't really like.
>
> If you are willing to sacrifice some performance you can use external_acl to count the requests per sec per ip and to allow or deny by that the request and present to the client a deny_info.
>
> Regards,
> Eliezer
>
> On 11/23/2012 1:55 PM, Sekar Duraisamy wrote:
>> Hi Team,
>>
>> Can we limit the inbound request rate in Squid configuration like 30
>> request/min , 10 request/sec like this regardless of the size.
>>
>> Thanks,
>> Sekar
>>
>
> --
> Eliezer Croitoru
> https://www1.ngtech.co.il
> sip:ngtech_at_sip2sip.info
> IT consulting for Nonprofit organizations
> eliezer <at> ngtech.co.il

Received on Mon Nov 26 2012 - 09:55:13 MST
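
The external_acl alternative mentioned in the quoted message, written out as an added example (not code from any poster in this thread): a helper that counts requests per client IP in a sliding window and answers OK or ERR. The ACL names, the helper path and the squid.conf lines in the comments are assumptions for illustration.

```python
#!/usr/bin/env python3
# Added example: Squid external ACL helper enforcing a per-client request limit.
# Assumed squid.conf wiring (names "ratelimit" and the path are hypothetical):
#   external_acl_type ratelimit ttl=0 negative_ttl=0 children-max=1 %SRC /usr/local/bin/ratelimit.py
#   acl within_rate external ratelimit
#   http_access deny !within_rate
# ttl=0 stops Squid caching verdicts; one helper process keeps a single set of counters.
import ipaddress
import sys
import time
from collections import deque

LIMIT = 30     # requests allowed per client per window
WINDOW = 60.0  # window length in seconds


class RateLimiter:
    def __init__(self, limit=LIMIT, window=WINDOW):
        self.limit, self.window = limit, window
        self.hits = {}  # client IP -> deque of timestamps of allowed requests

    def allow(self, ip, now):
        q = self.hits.setdefault(ip, deque())
        while q and now - q[0] >= self.window:  # drop hits that left the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

    def prune(self, now):
        # Forget idle clients so the table cannot grow without bound.
        for ip in [ip for ip, q in self.hits.items() if not q or now - q[-1] >= self.window]:
            del self.hits[ip]


def answer(limiter, line, now):
    # Squid sends one line per lookup; the first field is %SRC. Fail closed on junk.
    fields = line.split()
    try:
        ip = str(ipaddress.ip_address(fields[0]))
    except (IndexError, ValueError):
        return "ERR"
    return "OK" if limiter.allow(ip, now) else "ERR"


if __name__ == "__main__":
    limiter = RateLimiter()
    for n, line in enumerate(sys.stdin, 1):
        now = time.monotonic()
        sys.stdout.write(answer(limiter, line, now) + "\n")
        sys.stdout.flush()  # Squid waits for each verdict, so never buffer
        if n % 1000 == 0:
            limiter.prune(now)
```

Denied requests are not added to the window here, so a client is admitted again as soon as its oldest allowed request ages out.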