I want to limit requests per IP for a certain time, e.g. if 2000 requests come daily from a single IP address, I want to block this IP for 24 hours. After 24 hours it should be automatically allowed again by the server. Is there any way to do this using iptables? Can anyone help me? Thanks in advance.
- Just to clarify: typically when you're using `iptables` you can place a limit on the number of (concurrent) ***TCP connections*** (per time period). You can use the `-m connlimit --connlimit-*` or `-m hashlimit --hashlimit-mode srcip --hashlimit-*` [iptables-extensions](https://ipset.netfilter.org/iptables-extensions.man.html) and options for that. – diya Oct 24 '22 at 12:00
- When you're normally talking about *"requests"* though, you're talking about application-level events, i.e. the number of `GET` or `POST` *requests* a web application needs to process, or the number of `SELECT`/`INSERT` *requests* a database server needs to process. Many protocols allow a client to re-use the connection to make new requests once the current request completes, so limiting the number of TCP connections via iptables might not limit the number of requests at all, or not effectively. Then you need to limit requests at the application level. So what is your actual requirement/problem? – diya Oct 24 '22 at 12:01
- Thanks for your reply. I have a file server and I want to block a single IP which makes over 2000 requests to my server per day. Is there any solution for this? – Soikot Nov 08 '22 at 09:09
- `-m quota` can account bytes or packets. Combined with conntrack it can account flows. What it's not designed to do, as is most of iptables use, is to account for (layer 7) requests. Also quota has limitations; quota2 from xtables-addons is probably better (or also nftables). Anyway, using a tool that checks application logs (such as a reconfigured fail2ban) might be better to handle requests. – A.B Nov 08 '22 at 11:36
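The log-based approach the comments point to, as an added example that is not from the original thread: count requests per source IP from an application log (the layer-7 accounting iptables cannot do), mark an IP blocked for 24 hours once it exceeds 2000 requests in a UTC day, and lift the block automatically afterwards. The Common Log Format lines, the TEST-NET addresses, and the `RequestLimiter`/`iptables_cmd` names are all constructed for this example; `iptables_cmd` only builds the rule an operator would apply, it does not run it.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(r"^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\]")
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (ip, timestamp) from a Common Log Format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return (m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)) if m else None

class RequestLimiter:
    """Count requests per source IP per UTC day; block the IP for block_for once it exceeds limit."""
    def __init__(self, limit=2000, block_for=timedelta(hours=24)):
        self.limit, self.block_for = limit, block_for
        self.counts = defaultdict(int)  # (ip, date) -> requests seen that day
        self.blocked = {}               # ip -> time at which the block expires

    def is_blocked(self, ip, now):
        expires = self.blocked.get(ip)
        if expires is not None and now >= expires:
            del self.blocked[ip]        # 24 h have passed: lift the block automatically
            return False
        return expires is not None

    def observe(self, ip, ts):
        """Record one request; return True only at the moment the IP becomes blocked."""
        if self.is_blocked(ip, ts): return False
        key = (ip, ts.astimezone(timezone.utc).date())
        self.counts[key] += 1
        if self.counts[key] > self.limit:
            self.blocked[ip] = ts + self.block_for
            return True
        return False

def iptables_cmd(ip, block=True):
    """Build (not run) the DROP rule an operator would insert or delete for this decision."""
    return ["iptables", "-I" if block else "-D", "INPUT", "-s", ip, "-j", "DROP"]

def process_log(lines, limiter):
    """Feed log lines through the limiter; return the IPs that became blocked, in order."""
    hits = [parse_line(line) for line in lines]
    return [ip for ip, ts in filter(None, hits) if limiter.observe(ip, ts)]

def sample_log():
    """Constructed sample: 2001 requests from one TEST-NET IP and 5 from another, same day."""
    base = datetime(2022, 11, 8, 9, 0, tzinfo=timezone.utc)
    fmt = lambda ip, i: f'{ip} - - [{(base + timedelta(seconds=i)).strftime(TS_FMT)}] "GET /f{i} HTTP/1.1" 200 512'
    return [fmt("203.0.113.7", i) for i in range(2001)] + [fmt("198.51.100.2", i) for i in range(5)]
```

Only the 2001st request from 203.0.113.7 trips the limit, and a check one day later finds the block already lifted.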