Haha... if only that command worked for me.
iptables -A INPUT -p tcp --dport 80 -i eth0 -m limit --limit 1/minute --limit-burst 9 -j ACCEPT
The above command basically works, but users will have difficulty browsing the same site over HTTP; the site will not load.
I guess that's the problem with downloads and HTTP traffic going through the same port.
Maybe just limit how much bandwidth a user can have at any given time?
Bandwidth is not a problem since the VPS is unmetered.
Right now, I've increased MaxKeepAliveRequests in httpd.conf from 100 to 300 and implemented the command below:
iptables -A INPUT -p tcp --dport 80 -i eth0 -m limit --limit 1/minute --limit-burst 9 -j ACCEPT
Some update:
Why, when I run the above command, does it give me the error below?
Code:
iptables -p tcp --syn --dport 80 -m connlimit --connlimit-above 16 --connlimit-mask 24 -j REJECT
iptables: No chain/target/match by that name.
Ubuntu Server 10.04
I do not get the same error with your exact code as above. Anyway, you didn't specify a chain. I don't know if you wanted the INPUT chain or elsewhere, but this worked for me (meaning executed without error):
Code:
sudo iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 16 --connlimit-mask 24 -j REJECT
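Added example, not part of the thread and not anyone's posted code: a small Python model of the two matches discussed above, showing why the `-m limit` rule stalls normal browsing while the `connlimit` rule only caps concurrent connections per source network. It assumes packets that fail the ACCEPT rule are dropped by a later rule or the chain policy; the packet timings and addresses are constructed.

```python
import ipaddress

def limit_match(arrivals, per_minute, burst):
    """Model of `-m limit`: ONE token bucket shared by every packet that
    reaches the rule (all clients, all packets, not just SYNs).
    arrivals: ascending arrival times in seconds.
    Returns a list of booleans, True = packet matched and hit -j ACCEPT."""
    tokens, last, matched = float(burst), None, []
    for t in arrivals:
        if last is not None:
            # Refill at the configured rate, never above the burst size.
            tokens = min(float(burst), tokens + (t - last) * per_minute / 60.0)
        last = t
        if tokens >= 1.0:
            tokens -= 1.0
            matched.append(True)
        else:
            matched.append(False)  # assumed: dropped by a later rule/policy
    return matched

def connlimit_reject(open_conns, new_src, above, mask):
    """Model of `--syn -m connlimit --connlimit-above N --connlimit-mask M`.
    The new connection is counted together with the tracked connections
    from the same /M network; the SYN is rejected when that count exceeds N."""
    net = ipaddress.ip_network(f"{new_src}/{mask}", strict=False)
    count = 1 + sum(1 for ip in open_conns if ipaddress.ip_address(ip) in net)
    return count > above

# Constructed sample: one page load = 40 packets to port 80 within 2 seconds.
PAGE_LOAD = [i * 0.05 for i in range(40)]

if __name__ == "__main__":
    hits = limit_match(PAGE_LOAD, per_minute=1, burst=9)
    print(f"limit 1/minute burst 9: {sum(hits)} of {len(hits)} packets accepted")

    # Constructed sample: 16 tracked connections from one /24 (TEST-NET-3).
    busy = [f"203.0.113.{i}" for i in range(1, 17)]
    print("17th connection from same /24 rejected:",
          connlimit_reject(busy, "203.0.113.200", above=16, mask=24))
    print("first connection from another /24 rejected:",
          connlimit_reject(busy, "198.51.100.7", above=16, mask=24))
```
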