: How should the maximum concurrent connections from a single IP address be calculated? I am trying to implement a limit on the maximum number of concurrent connections a server can accept from
I am trying to implement a limit on the maximum number of concurrent connections a server can accept from a single IP address for DOS protection. I understand that HTTP/1.1 stipulates a maximum of two persistent connections per server (not clear whether it is based on server IP address or hostname) and that this requirement has not been followed by major browsers.
Browserscope website shows current browsers allowing 6-13 persistent connections per hostname and maximum connections of 10-60. Assuming that a maximum of 10 resources (HTML, images, css, javascripts) are served from two hostnames upon each page view, how should I derive this maximum concurrent connection limit so that HTTP request would not be dropped?
More posts by @Kristi941
1 Comments
Sorted by latest first Latest Oldest Best
If you are using Apache webserver then you could use the mod_security module and SecAction directive to apply rate limiting to requests by IP address.
For example (includes configuration script):
John Leach's Blog: Rate limiting with Apache and mod_security
Edited on 05-Nov-2014 following feedback:
Before imposing any limits, monitor the actual useage over a period of a week or a month (depending on how your traffic patterns look in Google Analytics).
Set an upper threshold limit, most people I speak to set it as your typical maximum usage plus between 5 and 25% but this really comes down to preference, and trial-and-error to see what works best for your website. I actually tend to set limits quite high such as at double or even sometimes more than double the normal usage since I know the server can handle it and the availability is the most important factor for me, but I trigger security alert messages when anything more than 5% happens so that I can closely watch or review logs and see if an attack is in progress. If you have the benefit of an enterprise-grade hardware firewall providing much greater protection against DoS/DDoS attacks then you may wish to configure your mod_security a little more generous with rate limits since most of the time attacks will be stopped before they reach your server, and pay closer attention to your hardware firewall logs and configuration.
Regularly check logs to see if your threshold needs to be increased or reduced in order to strike the right balance between correct operation of your website and protecting it from attacks.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.