
Configuration setting is confusing me

RaGe10940
11 February 2013, 04:18
Hiawatha version: 8.7
Operating System: 12.04 Ubuntu Desktop

I've been having a problem since day one of banning myself for max IPs per client.

My config is set up like so:

ServerId = www-data
ConnectionsTotal = 130
ConnectionsPerIP = 10
SystemLogfile = /usr/local/var/log/hiawatha/system.log
GarbageLogfile = /usr/local/var/log/hiawatha/garbage.log
ExploitLogfile = /usr/local/var/log/hiawatha/exploit.log
MinSSLversion = TLS1.1
ServerString = Apache/2.4.3

10 connections per IP and a total of 13 IPs that will be connecting (this is absolute).
However, I keep getting an error in the system log:

192.168.1.4|Sun 10 Feb 2013 22:15:50 -0500|Maximum number of connections for IP address reached
192.168.1.4|Sun 10 Feb 2013 22:15:50 -0500|Client banned because of too many simultaneous connections

I mediated this problem by removing BanOnMaxPerIP, but I feel that for maximum security I should keep this active. However, this security is making the app unusable. Is there a way for the server to drop the connection once the request has been served in full?
RaGe10940
11 February 2013, 04:24
Now I remember you telling me to use 10 per IP and 150 total, but when each IP will have only 10 and only 13 IPs will connect I don't see fit why it will need more. I will run a Firebug analysis of my data first thing tomorrow.

I feel pretty confident in my understanding of the configuration settings.

I also don't think I need to specify anything else differently, the maxkeepalive and timeforrequest as they have nothing to do with the actual ConnectionsPerIP and that I haven't gotten any errors for either of the two.
Hugo Leisink
11 February 2013, 09:34
A browser can use up to 6 connections for one website. So, if you have more than one website on your server and you request them both, it's likely that the amount of connections from your browser to your webserver exceeds 10. Try 25 (enough for 4 connections). Yes, 25 connections can be enough to slow down your webserver in a DoS attack, but it's better than 150 connections. Don't see this option as an absolute DoS-attack prevention, just as a contribution to it.

If you seriously expect DoS-attacks, take a look at ReconnectDelay, BanOnFlooding and MaxServerLoad (use this one with caution).
RaGe10940
11 February 2013, 13:18
BanOnFlooding was a lot of fun to work on. I have it set up like so: BanOnFlooding = 10/1:36000. And alright, I will up the ConnectionsPerIP and I will also then use

CPP = connections per IP

CPP * 13 = Max Total Connections.

Thanks for the response Hugo, and yes I will look into ReconnectDelay.
This topic has been closed.
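
Added example, not part of the thread and not Hiawatha's own code: a small Python script that reads system.log lines in the pipe-delimited format quoted in the first post and reports which clients hit ConnectionsPerIP or were banned, split into known and unknown addresses. The sample log and the known-client list are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample in the "ip|timestamp|message" format quoted in the thread.
SAMPLE_LOG = """\
192.168.1.4|Sun 10 Feb 2013 22:15:50 -0500|Maximum number of connections for IP address reached
192.168.1.4|Sun 10 Feb 2013 22:15:50 -0500|Client banned because of too many simultaneous connections
192.168.1.7|Sun 10 Feb 2013 22:16:02 -0500|Maximum number of connections for IP address reached
192.168.1.7|Sun 10 Feb 2013 22:16:03 -0500|Maximum number of connections for IP address reached
this line is malformed and must be skipped
192.168.1.4|Sun 10 Feb 2013 23:01:10 -0500|Client banned because of too many simultaneous connections
"""
LIMIT_MSG = "Maximum number of connections for IP address reached"
BAN_MSG = "Client banned because of too many simultaneous connections"
TIME_FMT = "%a %d %b %Y %H:%M:%S %z"


def summarize(log_text):
    """Return {ip: {"limit_hits": n, "bans": n, "first": dt, "last": dt}}."""
    stats = defaultdict(lambda: {"limit_hits": 0, "bans": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        parts = line.split("|", 2)
        if len(parts) != 3:
            continue  # not an "ip|time|message" record
        ip, stamp, msg = (p.strip() for p in parts)
        if msg not in (LIMIT_MSG, BAN_MSG):
            continue  # unrelated system log entry
        try:
            when = datetime.strptime(stamp, TIME_FMT)
        except ValueError:
            continue  # timestamp not in the expected layout
        entry = stats[ip]
        entry["limit_hits" if msg == LIMIT_MSG else "bans"] += 1
        entry["first"] = when if entry["first"] is None else min(entry["first"], when)
        entry["last"] = when if entry["last"] is None else max(entry["last"], when)
    return dict(stats)


def classify(stats, known_clients):
    """Split affected IPs into expected clients (limit likely too low) and others."""
    known = sorted(ip for ip in stats if ip in known_clients)
    unknown = sorted(ip for ip in stats if ip not in known_clients)
    return known, unknown


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    known, unknown = classify(summary, {"192.168.1.4"})  # constructed client list
    for ip in known + unknown:
        s = summary[ip]
        tag = "known" if ip in known else "unknown"
        print(f"{ip} ({tag}): {s['limit_hits']} limit hits, {s['bans']} bans")
```

Known clients appearing in the output indicate legitimate users being blocked by the current limit; unknown addresses are the ones worth a closer look.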