Focus on Linux
Re: Dynamic firewall based on bandwidth usage ? Oct 10 2006 06:45PM
Esteban Ribicic (kisero gmail com)
> if your load balancer does not allow you to throttle down (1) connections or
> (2) throughput based on certain rule, i would use mod_throttle on the
> apaches.
>
> number of connections is easily accounted on the connection tracking ...
> rate or throughput (rate based on time) per source ip (if thats the only you
> have) i guess you have to do it on the apaches...
>
> depending the content they are downloading, you might save bandwith with
> http compression based on gzip...
>
>
>
> On 10/8/06, FM <dist-list (at) lexum.umontreal (dot) ca [email concealed] > wrote:
> > Hello,
> > I have a common problem but cannot find a solution.
> >
> > My setup :
> > all servers are Redhat Enterprise 4
> > CISCO PIX in front on a HTTP load Balancer/failover (called a director
> > in the L.V.S. jargon) that sends requests to 4 web servers (cluster
> > setup based on Linux Virtual Server include in redhat cluster suite).
> >
> > Now my prob :-)
> >
> > From time to time users download our site and block all http connexion,
> > and worst, use all our bandwidth. So I have to block (or redirect) those
> > network abusers after a download limit (for ex : 1Gb per day) for lets
> > say 1day.
> >
> > Because of the director, I cannot use the apache2 mod_cband.
> >
> > My first though is to look at the iptables on the director but I cannot
> > find any information about that kind of setup.
> >
> > Do you know if it is possible using build in linux tools(iptables ?).
> >
> > If not, do you know some hardware appliance that could do that ?
> >
> > Thanks !
> >
>
>

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus