Sometimes Hiawatha seems to not kick IPs

alexpacio
1 July 2015, 12:30
Hi,
I deployed Hiawatha to host a high traffic load Magento website, but I'm encountering this problem: it seems that Hiawatha forgets to kick some clients.
For example, I see many connections from one IP which is regularly blocked since I set a limit for connections per IP on Hiawatha... but sometimes, even if it creates many connections (a higher number than the limit), it isn't kicked.
This behaviour is random.
My Hiawatha version is 9.13 and OS is CentOS 7.1 64-bit.
Hugo Leisink
1 July 2015, 12:55
How do you measure the current amount of connections per IP?
alexpacio
2 July 2015, 12:46
Hi Hugo,
through this command: netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
and through my firewall's connection state table
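
The pipeline in the post above counts every line that contains `:80`, whatever its TCP state, port suffix or direction. As an added example (not part of the original thread), the function below splits the per-IP count by state for an exact local port, which makes such a figure easier to compare with what the server itself reports. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count TCP connections per remote IP, split by state,
# for one exact local port. Reads `netstat -an`-style lines on stdin.

conn_by_state() {
    awk -v port="${1:-80}" '
        $1 ~ /^tcp/ && NF >= 6 {
            # $4 = local address, $5 = foreign address, $6 = state
            n = split($4, l, ":")
            if (l[n] != port) next        # exact local port, so :8080 is skipped
            if ($6 == "LISTEN") next      # the listening socket is not a client
            m = split($5, r, ":")
            ip = r[1]
            for (i = 2; i < m; i++) ip = ip ":" r[i]   # keep IPv6 addresses whole
            count[ip " " $6]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k2,2 -k3,3
}

# Constructed sample input (documentation address ranges, not real traffic).
sample_netstat() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:80          0.0.0.0:*            LISTEN      1234/hiawatha
tcp        0      0 192.0.2.10:80       198.51.100.7:51000   ESTABLISHED 1234/hiawatha
tcp        0      0 192.0.2.10:80       198.51.100.7:51001   ESTABLISHED 1234/hiawatha
tcp        0      0 192.0.2.10:80       198.51.100.7:51002   TIME_WAIT   -
tcp        0      0 192.0.2.10:80       198.51.100.7:51003   TIME_WAIT   -
tcp        0      0 192.0.2.10:80       198.51.100.7:51004   TIME_WAIT   -
tcp        0      0 192.0.2.10:8080     198.51.100.7:51005   ESTABLISHED 999/other
tcp        0      0 192.0.2.10:44000    203.0.113.5:80       ESTABLISHED 777/curl
EOF
}

# On the sample, `grep :80 | awk ... | uniq -c` would report 6 lines for
# 198.51.100.7; only 2 of them are open connections to local port 80.
sample_netstat | conn_by_state 80
```

On a live host, feed it with `netstat -an | conn_by_state 80`. Sockets in TIME_WAIT are held by the kernel after the connection has been closed, so they appear in netstat output but are no longer open connections of the server process.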
Hugo Leisink
2 July 2015, 12:48
To see the actual amount of connections, try Tomahawk (see Hiawatha manual page). I'm very sure Hiawatha's connection count works fine. So, there must be another reason why the output of your command shows something different.
alexpacio
3 July 2015, 16:05
Hi Hugo,
my website is under attack and it went down again.
I saw through Tomahawk that connections between clients and the webservers (which are multiple for every click I do through the web browser) are not flushed by time, and so if I put flooding restrictions they also block legitimate clients due to the many connections I see from them.
How can I limit this phenomenon?
Hugo Leisink
3 July 2015, 16:32
What kind of attack? And can you show me your configuration?
alexpacio
4 July 2015, 17:37
Hi Hugo,
with the help of Tomahawk I found that browsers are establishing many connections to the website for every click the end user does, so connections per IP increase dramatically and so Hiawatha kicks those IPs when they reach the connection limit per IP which I set in the conf file.
How could I make those connections expire faster than now?

P.S. If you want, I can send you the config by mail.
alexpacio
4 July 2015, 17:38
Moreover, I'm trying to play with ChallengeClient, but it seems to block Google Analytics bots. Is there a way to make them pass while keeping ChallengeClient on?
Hugo Leisink
6 July 2015, 09:37
If browsers are setting up many connections, then Hiawatha does what it is told to do: kick browsers who set up many connections. I have no idea what's going on, but I have never heard of a browser that sets up a new connection for every click. I'm sure something else is going wrong, which makes it look like that.

How do you want to exclude Google bots from the ChallengeClient option? By IP?
This topic has been closed.