Linux - Limit max bandwidth usage per IP

Question

I have been experiencing DDoS attacks on my web server, with some IPs using more than 50 Mbit/s.

Now if I would like to limit the max bandwidth usage for each unique IP to, lets say, 1 Mbit/s, what would be the best approach?

It will be very hard to limit inbound bandwidth without discussing it with your ISP. You should be able to control the outbound bandwidth fully though. — Slartibartfast, Mar 29 '11 at 04:46

score 1 · Answer 1 · answered Mar 29 '11 at 03:55

1

Try to see documentation about iptables there should be some config about caping bandwith.

But on the other end you should try to configure iptables to ban bad IPs so it will clear the problem and also you will be able to report IPs and time of the attack to authorities.

answered Mar 29 '11 at 03:55

Gopoi

547
5
21

I have tried to ban bad IPs and also report them, without luck. – user76231 Mar 29 '11 at 06:15

score 0 · Answer 2 · answered Mar 29 '11 at 04:09

0

These links will help you to limit bandwidth consumption per domain in an apache server

http://help.directadmin.com/item.php?id=339

http://svn.apache.org/repos/asf/httpd/sandbox/mod_bw/mod_bw.txt

answered Mar 29 '11 at 04:09

Suku

2,036
13
15

1

Thanks but I need something that works without apache – user76231 Mar 29 '11 at 06:12

score 0 · Accepted Answer · answered Mar 29 '11 at 07:07

You can do something better with iptables. http://www.zoominternet.net/~lazydog/iptables-tutorial.html#HASHLIMITMATCH

My suggestion would be to stop responding (for X time) to any source IP address that make more then X request in a X period of time. What you will need to set X to will depend on the DDOS attack. You want to block the attackers, but not normal traffic.

Linux - Limit max bandwidth usage per IP

3 Answers3