Forum Discussion
bezeqint
Mar 06, 2012 (Nimbostratus)
iRule to mitigate attack
Hello,
I need to protect mail servers from a virus attack.
We have a network with users. Some of them are using the mail servers, some of them are attacking the mail servers. We see th...
bezeqint
Mar 07, 2012 (Nimbostratus)
The first link limits connections per virtual server; this is not what I'm looking for.
The second link is much better.
I've edited the iRule and it looks something like this:

    # Data group mapping hosts/networks to a connection limit value.
    # This is BIG-IP configuration (bigip.conf), not part of the iRule itself:
    #
    #   class conn_limit_dg {
    #       network 10.0.0.0/8 { "2" }
    #   }

    when RULE_INIT {
        # Length of the sliding window (seconds) in which connections are counted.
        # With the data group value "2" above this allows 2 connections in 3 seconds.
        set static::windowSecs 3
    }

    when CLIENT_ACCEPTED {
        # Max connections per client IP, taken from the data group.
        # class match returns an empty string when the client is in no listed network.
        set limit [class match -value [IP::client_addr] equals conn_limit_dg]
        log local0. "[IP::client_addr]: \$limit: $limit"

        # Only clients that matched an entry in the data group are limited;
        # everyone else falls through and is accepted without being counted.
        if { $limit ne "" } {
            # Number of live entries in this client's subtable = connections in the window
            set getCount [table key -count -subtable [IP::client_addr]]
            log local0. "[IP::client_addr]: getCount=$getCount"

            if { $getCount < $limit } {
                # Record this connection under a unique key; the entry expires after
                # windowSecs (its lifetime), so the count slides with time.
                table set -subtable [IP::client_addr] [clock clicks] "" indefinite $static::windowSecs
            } else {
                log local0. "[IP::client_addr]: exceeded the number of connections allowed. $getCount / $limit"
                reject
            }
        }
    }

What happens to other networks (outside the data group)? They won't be limited?
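The sliding-window logic of the iRule above, including what happens to a client whose address is in no data group entry, modelled in Python as an added example (this is not code from the thread or from F5). `class_match`, `SlidingWindowLimiter`, `simulate` and the `default_limit` option are names I chose; the data group contents (10.0.0.0/8 with a limit of 2) and the 3 second window come from the post. Picking the most specific matching network when entries overlap is an assumption of this model.

```python
import ipaddress
from collections import defaultdict

# Constructed data group mirroring conn_limit_dg from the thread:
# network -> max connections per client IP inside the sliding window.
CONN_LIMIT_DG = {
    ipaddress.ip_network("10.0.0.0/8"): 2,
}
WINDOW_SECS = 3  # static::windowSecs in the iRule


def class_match(client_ip, datagroup=CONN_LIMIT_DG):
    """Stand-in for `class match -value <ip> equals conn_limit_dg`.

    Returns the limit of the most specific matching network (assumption),
    or None when the address is in no listed network, which corresponds
    to the empty string the iRule gets back."""
    addr = ipaddress.ip_address(client_ip)
    matches = [(net.prefixlen, limit) for net, limit in datagroup.items() if addr in net]
    if not matches:
        return None
    return max(matches)[1]


class SlidingWindowLimiter:
    """Per-client connection counter with the semantics of the iRule's
    `table` subtable: each accepted connection becomes an entry that lives
    for WINDOW_SECS, and the number of live entries is compared with the
    client's limit before a new one is added."""

    def __init__(self, window_secs=WINDOW_SECS, default_limit=None):
        self.window = window_secs
        # Limit applied to clients outside the data group. None means
        # unlimited, which is what the posted iRule does ($limit eq "").
        self.default_limit = default_limit
        self.entries = defaultdict(list)  # client ip -> accept timestamps

    def _live_count(self, client_ip, now):
        # Discard entries whose lifetime has elapsed, like table entry expiry.
        live = [t for t in self.entries[client_ip] if now - t < self.window]
        self.entries[client_ip] = live
        return len(live)

    def client_accepted(self, client_ip, now):
        """Return 'accept' or 'reject' for a new connection arriving at `now`."""
        limit = class_match(client_ip)
        if limit is None:
            limit = self.default_limit
        if limit is None:
            return "accept"  # no data group match and no default: never limited
        count = self._live_count(client_ip, now)
        if count < limit:
            self.entries[client_ip].append(now)
            return "accept"
        return "reject"


def simulate(limiter, events):
    """Feed (time, client_ip) pairs in order and return the verdict list."""
    return [limiter.client_accepted(ip, t) for t, ip in events]


if __name__ == "__main__":
    lim = SlidingWindowLimiter()
    # Constructed connection attempts: a 10.x client bursting, plus a client
    # outside the data group that is never counted.
    events = [(0.0, "10.1.2.3"), (1.0, "10.1.2.3"), (2.0, "10.1.2.3"),
              (3.5, "10.1.2.3"), (0.0, "192.168.5.5"), (0.1, "192.168.5.5"),
              (0.2, "192.168.5.5")]
    for (t, ip), verdict in zip(events, simulate(lim, events)):
        print(f"t={t:<4} {ip:<13} {verdict}")
```

With the data group as posted, 192.168.5.5 is accepted every time because `class_match` returns nothing for it; passing `default_limit` gives such clients a limit too, which is the knob the iRule would need (a default value when `$limit` is empty) if every network is meant to be throttled.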