Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 3643 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

to many requests from one IP

Danik
Hello everyone

Can someone help me to configure my astaro so my websites can be protected?

The problem is that someone from internet send to many connection requests to my website (from the same IP) and noboby can open my website because of that.

Is there an option to set the request limit per second ?

This is the WAF log: 2011:10:13-18:48:51 Router reverseproxy: srcip="92.115.253.71" localip="myip" size="0" user="-" host="92.115.253.71" method="-" statuscode="408" reason="-" extra="-" time="11" url="-" server="mywebsite" referer="-" cookie="-" set-cookie="-"

Thankyou

sorry for my bad english


This thread was automatically locked due to age.
  • 0
    You can select 'Block clients with bad reputation' in the 'Firewall Profile' used for your server.  Depending on your situation, you might try lowering the threshhold for 'TCP SYN Flood Protection' on the 'Anti-DoS Flooding' tab of Intrusion Prevention.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    You can select 'Block clients with bad reputation' in the 'Firewall Profile' used for your server.  Depending on your situation, you might try lowering the threshhold for 'TCP SYN Flood Protection' on the 'Anti-DoS Flooding' tab of Intrusion Prevention.

    Cheers - Bob


    The bad reputation is enabled, about SYN Flood i tryed 1/20/50/100 packets per second and it didn't help me [:(]

    PS: to moderators, please move this topic to : Web Application Security folder
  • 0
    PS: to moderators, please move this topic to : Web Application Security folder
    You've been moved.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • 0
    Since it's just one IP address, can't you just deny that packet in the firewall?
  • 0
    I'd be interested to know if it's possible to drop the packets with a Firewall (Packet Filter) rule.  In general, DNATs come before proxies and proxies come before manual firewall and routing rules.  If mkleine's suggestion doesn't work, try a DNAT that forwards the traffic to a non-existent IP.  Please let us know your results.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    The firewall doesnt block the traffic, but the rule that forwards the traffic to a non-existing Network IP works fine.

    Anyway the IP that was added to the drop list cant be changed anytime by the attacker  so the website won't be protected again until i check the logs ...

    Can this protection be enabled so the astaro automaticaly will protect the website?
Unfiltered HTML