DreamPhysix Posted April 5, 2012 Posted April 5, 2012 Does anyone use ConfigServer Firewall (specifically with cPanel)? I am using it but genuine users are being throttled and the log reports "IP too many connections" and says the number of requests to port 80 (HTTP), usually a couple hundred (e.g. 431 or 652). I changed CONNLIMIT parameter to 80;5000 and the throttling still occurs even at lower numbers. Anyone know the specifics of what's going on? ConfigServer forums don't seem to care about my post.
Royzee Posted April 5, 2012 Posted April 5, 2012 Used to have the same problem myself. I have used both cPHulk and Fail2ban with great success. They are both similar, and can be set to ban on x failed login attempts. I set them to 3 failed login attemtps. There is an option with either to send you email notifications.cPHulkFail2ban
DreamPhysix Posted April 5, 2012 Author Posted April 5, 2012 Used to have the same problem myself. I have used both cPHulk and Fail2ban with great success. They are both similar, and can be set to ban on x failed login attempts. I set them to 3 failed login attemtps. There is an option with either to send you email notifications.cPHulkFail2ban I don't want to just ban failed login attempts. I want to throttle users who are running resource-intensive scripts against the sites I host.
Royzee Posted April 5, 2012 Posted April 5, 2012 I don't want to just ban failed login attempts. I want to throttle users who are running resource-intensive scripts against the sites I host. Well, using either of those programs you will not get the "IP too many connections" mysql error. Instead of hundreds of connections they will be firewall blocked after the third attempt ( for 3 months with my settings). You can't get any more throttled than that.
p4guru Posted April 5, 2012 Posted April 5, 2012 do you have any reverse proxy service in front of your web server ? i.e. cloudflare, varnish, nginx reverse proxy for static files etc ? could be you haven't set x-forward-for (nginx) or equivalent web server settings (apache + mod_rpaf) to properly pass on visitor's ip address to backend web server ? And the front end proxy is passing on the proxy's ip address to the server instead of visitor's ip address ?
Recommended Posts
Archived
This topic is now archived and is closed to further replies.