Board index IIS

IIS6 & connection limit / minute, how?

IIS6 & connection limit / minute, how?

Post by Tomasz Bry » Mon, 24 Nov 2003 19:35:23


Hello!

I've got couple of sites running on php/mysql/2003/iis (about 200 000 pages
daily) and have a problem of people beeing able to DoS my server by
generating lots of requests (propably with tools like HTTrack or Teleport).

Is it possible to somehow limit the number od connections/requests from a
single IP in a specified period of time (for ex. 100 per minute, if it
exceeds this value IP gets banned)? Some ISAPI filter or sth... ? Thx!

-- Tomasz Bryja
 
 
 
Top

IIS6 & connection limit / minute, how?

Post by David Wang » Mon, 24 Nov 2003 21:22:10

There is no such metric in IIS that drops requests from a given IP after it
utilizes a certain threshold. Even if there is such a metric, it's not
going to help against a brute-force DoS.

In other words, suppose your webserver is able to serve 100,000 pages a
second. If your enemy can send you 1 million page requests per second and
they are all valid, you are going to get DoS'd. Even if you figure out who
they are and drop drop their requests at the router before they f lood your
server, they can still flood your server's incoming data pipe beyond the
router, which still DoS your server as far as network connectivity goes.

--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//


Hello!

I've got couple of sites running on php/mysql/2003/iis (about 200 000
pages
daily) and have a problem of people beeing able to DoS my server by
generating lots of requests (propably with tools like HTTrack or
Teleport).

Is it possible to somehow limit the number od connections/requests from a
single IP in a specified period of time (for ex. 100 per minute, if it
exceeds this value IP gets banned)? Some ISAPI filter or sth... ? Thx!

-- Tomasz Bryja

 
 
 
Top

IIS6 & connection limit / minute, how?

Post by Tomasz Bry » Mon, 24 Nov 2003 21:55:43

Hello!




Not necessarily -- in this case the problem is not IIS itself, but SQL taking
over the CPU when somebody tries to run Teleport/HTTrack/whatever on web-based
forums (phpBB, to save it for offline usage). Once disabled, such attempts
would not be harmful -- the problem is only to detect them and react not on
the site level (scripts checking the web browser signature which can be
faked) but on a server level. Am I correct?

-- Tomasz Bryja
 
 
 
Top

1. IIS6 / Connection Limit

2. how to edit "TCP Connections per Minute from One IP Address Limit Exceeded" rule

3. hoe to edit "TCP Connections per Minute from One IP Address Limit Exceeded" rule

4. Max Connection Limit Exceeded - How do I limit connections to a server?

5. Can IIS6 serve a couple of thousand 1-page web requests per minute?

6. Ubuntu Lurid crapwa 5 minutes uptime, 1 minute uptime, and 0 minutes uptime

7. IIS6.0 and 2GB File Size Limit??

8. Unlimited IIS6 Buffer Limit

9. Possible Memory Limits with Classic ASP on IIS6?

10. IIS6 - Response Buffer Limit Exceeded

11. ASP Response Buffer Limit IIS6

12. IIS6: Response Buffer Limit Exceeded

13. Limited rights in IIS6?

14. MSSQL 2000 Developer connection limit & boolean connection

15. SBS 2003 - Internet Connection Limit on multiple connections

All times are UTC
Board index