kuts (Well-Known Member), Sep 16, 2008, #1
Is the connection we're talking about here the value of
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
mistwang (LiteSpeed Staff), Sep 16, 2008, #2
No, you need to count connections in "ESTABLISHED" state only.
kuts (Well-Known Member), Oct 3, 2008, #3
I'm trying to put a limit on the Soft and Hard connections but I don't want to ban legitimate connections. What's the safe value to put in the soft and hard?
mistwang (LiteSpeed Staff), Oct 3, 2008, #4
Soft limit should be 15-20, hard limit around 30. Firefox 3 is known to use up to 20 concurrent connections.
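Added example, not part of the original thread or LiteSpeed's own tooling: a per-client count restricted to ESTABLISHED TCP connections, as post #2 requires, compared against the limits suggested in post #4 (20 and 30 are taken from that post). The function names and the sample netstat output are constructed for illustration; unlike the pipeline in post #1, it ignores TIME_WAIT and UDP entries and keeps IPv6 addresses intact.

```shell
#!/bin/sh
# Added example. Limits are the values suggested in the thread; function names are hypothetical.
SOFT_LIMIT=20
HARD_LIMIT=30

# stdin: `netstat -ntu` output. stdout: "<count> <remote-ip>", ESTABLISHED TCP only.
count_established() {
    awk '$1 ~ /^tcp/ && $6 == "ESTABLISHED" {
             addr = $5
             sub(/:[0-9]+$/, "", addr)   # drop the port but keep IPv6 colons
             sub(/^::ffff:/, "", addr)   # fold IPv4-mapped IPv6 into plain IPv4
             n[addr]++
         }
         END { for (a in n) print n[a], a }' | sort -n
}

# stdin: "<count> <ip>" lines. stdout: clients above a limit and which one.
flag_over_limit() {
    awk -v soft="$SOFT_LIMIT" -v hard="$HARD_LIMIT" '
        $1 > hard { print $2, $1, "over-hard"; next }
        $1 > soft { print $2, $1, "over-soft" }'
}

# Constructed sample in netstat -ntu layout (documentation address ranges).
sample_netstat() {
    echo 'Active Internet connections (w/o servers)'
    echo 'Proto Recv-Q Send-Q Local Address Foreign Address State'
    i=0
    while [ "$i" -lt 35 ]; do
        echo "tcp 0 0 192.0.2.10:80 198.51.100.7:$((40000 + i)) ESTABLISHED"
        if [ "$i" -lt 22 ]; then
            echo "tcp6 0 0 ::ffff:192.0.2.10:80 ::ffff:203.0.113.9:$((50000 + i)) ESTABLISHED"
        fi
        if [ "$i" -lt 25 ]; then
            echo "tcp 0 0 192.0.2.10:80 198.51.100.44:$((60000 + i)) TIME_WAIT"
        fi
        i=$((i + 1))
    done
    echo 'tcp 0 0 192.0.2.10:80 198.51.100.44:61000 ESTABLISHED'
    echo 'udp 0 0 192.0.2.10:53 198.51.100.44:5353'
}

# On a live server: netstat -ntu | count_established | flag_over_limit
sample_netstat | count_established | flag_over_limit
```

In the sample, 198.51.100.44 has 25 TIME_WAIT entries and one UDP entry but only one ESTABLISHED connection, so it is not flagged.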
kuts (Well-Known Member), Oct 3, 2008, #5
How do I know if LS blocked some legitimate connections after I've set these values? So I can increase the limit just in case.
mistwang (LiteSpeed Staff), Oct 3, 2008, #6
error.log will log IPs being blocked. You can check that IP against the access log to see what URL has been accessed, to determine whether it is an attacker or not. And usually, an attacking IP will be banned again immediately after the previous ban is lifted.