Using iptables to limit connections

Nod (Honorary Master; joined Jul 22, 2005; 10,057 messages)
From Cyberciti:
How do I restrict the number of connections used by a single IP address to my server for port 80 and 25 using iptables?

You need to use the connlimit module, which allows you to restrict the number of parallel TCP connections to a server per client IP address (or address block).

This is useful to protect your server or VPS box against flooding, spamming or content scraping.
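Added example, not from the thread or from the Cyberciti article: a POSIX shell script that builds connlimit rules for ports 80 and 25. It defaults to a dry run that prints each iptables command; the limit values, the /24 mask for SMTP and the rate-limited LOG rule ahead of the REJECT are my choices, not the article's.

```shell
#!/bin/sh
# Added example (not the thread's own code): per-client connection limits for
# TCP ports 80 and 25 using the iptables connlimit match.
# Assumption: IPTABLES defaults to a dry run that prints each rule; run with
# IPTABLES=iptables as root to actually install them.
IPTABLES=${IPTABLES:-"echo iptables"}

# connlimit_rule PORT LIMIT [MASK]
# Prints the match arguments for a new TCP connection (--syn) to PORT from a
# client that already holds more than LIMIT connections to it. MASK groups
# clients: 32 = per address, 24 = per /24 block. Matching only SYN packets
# means established connections are never reset by the rule.
connlimit_rule() {
    port=$1 limit=$2 mask=${3:-32}
    printf '%s\n' "-p tcp --syn --dport $port -m connlimit --connlimit-above $limit --connlimit-mask $mask"
}

# apply_limit PORT LIMIT [MASK]
# Installs a LOG rule (itself rate limited, so a flood cannot fill the log)
# followed by a REJECT; a TCP reset lets well-behaved clients fail fast
# instead of waiting on a dropped SYN.
apply_limit() {
    match=$(connlimit_rule "$@")
    $IPTABLES -A INPUT $match -m limit --limit 5/min -j LOG --log-prefix "connlimit $1: "
    $IPTABLES -A INPUT $match -j REJECT --reject-with tcp-reset
}

# Web: browsers open several parallel connections, and clients behind one NAT
# share an address, so keep this generous.
apply_limit 80 20
# Mail: five parallel SMTP sessions per /24 block is plenty for real senders.
apply_limit 25 5 24
```

Check the counters with `iptables -L INPUT -v -n` after applying; a rising REJECT count on the port 80 rule from a single source is the signal to look at before lowering the limit further.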
 

fskmh (Expert Member; joined Feb 23, 2007; 1,184 messages)
Another way to manage the number of connections, specifically to your Apache web server, is to use mod_limitipconn:

http://dominia.org/djao/limitipconn2.html

Once installed, you need to edit the Apache config file. On my Slackware box this is /etc/httpd/httpd.conf.

Look for the DSO support section and add this (this example is for 64-bit, hence the lib64 path):
Code:
LoadModule limitipconn_module lib64/httpd/modules/mod_limitipconn.so

Then you just add some mod_limitipconn directives:
Code:
# mod_limitipconn.c
#
# Allows web server administrators to limit the number of simultaneous
# downloads permitted from a single IP address.
#
<IfModule mod_limitipconn.c>
    # Set a server-wide limit of 10 simultaneous downloads per IP,
    # no matter what.
    MaxConnPerIP 10
    <Location /blah>
        # This section affects all files under /blah
        MaxConnPerIP 4
        # exempting images from the connection limit is often a good
        # idea if your web page has lots of inline images, since these
        # pages often generate a flurry of concurrent image requests
        NoIPLimit image/*
    </Location>

    <Directory /home/*/public_html>
        # This section affects all files under /home/*/public_html
        MaxConnPerIP 1
        # In this case, all MIME types other than audio/mpeg and video*
        # are exempt from the limit check
        OnlyIPLimit audio/mpeg video
    </Directory>
</IfModule>