A rule set like the below may help:

iptables -I INPUT -p tcp --dport 3128 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 3128 -m state --state NEW -m recent --update --seconds 60 --hitcount 30 -j DROP

This should result in new requests being dropped when more than 30 connections
have been established within 60 seconds.

Nick
--
On 23 Nov 2012, at 12:22, Eliezer Croitoru <[email protected]> wrote:

> Hey Sekar,
> 
> Basic IPTABLES setup should be able to do that for you.
> It's better to do it at the IPTABLES level than doing it at the upper level of 
> the application such as squid.
> It will allow the request to be rejected/closed properly at the network level 
> while what squid will prefer or will send an error page instead of the content 
> which I don't really like.
> 
> If you are willing to sacrifice some performance you can use external_acl to 
> count the requests per sec per ip and to allow or deny by that the request 
> and present to the client a deny_info.
> 
> Regards,
> Eliezer
> 
> On 11/23/2012 1:55 PM, Sekar Duraisamy wrote:
>> Hi Team,
>> 
>> Can we limit the inbound request rate in Squid configuration, like 30
>> requests/min, 10 requests/sec like this, regardless of the size?
>> 
>> Thanks,
>> Sekar
>> 
> 
> -- 
> Eliezer Croitoru
> https://www1.ngtech.co.il
> sip:[email protected]
> IT consulting for Nonprofit organizations
> eliezer <at> ngtech.co.il
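
The external_acl approach Eliezer describes, as an added example (not code from this thread or from the Squid project): a helper that counts requests per client IP in a sliding window and answers OK or ERR. The ACL names, helper path and squid.conf wiring in the docstring are assumptions.

```python
#!/usr/bin/env python3
"""Per-client sliding-window request limiter for Squid's external_acl interface.

Assumed squid.conf wiring (hypothetical ACL names and helper path):
  external_acl_type ratelimit ttl=0 negative_ttl=0 children-max=1 %SRC /usr/local/bin/ratelimit.py
  acl within_rate external ratelimit
  http_access deny !within_rate
ttl=0/negative_ttl=0 stop Squid caching verdicts; a single helper process
keeps all counters in one place.
"""
import sys
import time
from collections import defaultdict, deque

LIMIT = 30      # requests allowed per client ...
WINDOW = 60.0   # ... within this many seconds (the 30 request/min from the thread)


class RateLimiter:
    def __init__(self, limit=LIMIT, window=WINDOW):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)   # client IP -> timestamps of allowed requests

    def allow(self, client, now):
        q = self.hits[client]
        while q and now - q[0] >= self.window:   # expire hits older than the window
            q.popleft()
        if len(q) >= self.limit:
            return False                  # over the limit: denied and not recorded
        q.append(now)
        return True


def answer(limiter, line, now):
    """Turn one helper request line (first token = %SRC) into OK or ERR."""
    fields = line.split()
    if not fields:
        return "ERR"                      # malformed input fails closed
    return "OK" if limiter.allow(fields[0], now) else "ERR"


def main():
    limiter = RateLimiter()
    for line in sys.stdin:                # Squid writes one lookup per line
        sys.stdout.write(answer(limiter, line, time.monotonic()) + "\n")
        sys.stdout.flush()                # reply immediately, or Squid waits on the buffer


if __name__ == "__main__":
    main()
```

Unlike the iptables rule, which drops the TCP connection, a denied request here still reaches Squid and is answered with whatever deny_info page is configured.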
