CSF – How to limit the number of connections per IP address


In the ConfigServer Security & Firewall (CSF) configuration file, update the CT_LIMIT value to limit the number of connections per IP address. This is a simple way to help prevent some types of Denial of Service (DoS) attack.

Note
To stop the Denial of Service (DoS) attack immediately, read this null route example.

1. /etc/csf/csf.conf

SSH into your server as root. Edit the /etc/csf/csf.conf file.

Terminal

$ ssh root@yourserver #login as root

$ vim /etc/csf/csf.conf

2. CT_LIMIT

Find CT_LIMIT and update it to 150. This means that if the total number of connections from a single IP address to the server is more than 150, that IP address will be blocked. Save & exit.

/etc/csf/csf.conf

###############################################################################
# SECTION:Connection Tracking
###############################################################################
# Connection Tracking. This option enables tracking of all connections from IP
# addresses to the server. If the total number of connections is greater than
# this value then the offending IP address is blocked. This can be used to help
# prevent some types of DOS attack.
#
# Care should be taken with this option. It's entirely possible that you will
# see false-positives. Some protocols can be connection hungry, e.g. FTP, IMAPD
# and HTTP so it could be quite easy to trigger, especially with a lot of
# closed connections in TIME_WAIT. However, for a server that is prone to DOS
# attacks this may be very useful. A reasonable setting for this option might
# be around 300.
#
# To disable this feature, set this to 0
CT_LIMIT = "150"

3. Restart CSF


$ csf -r
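Before relying on the new limit, it helps to see which clients would already be over it, since the config comment above warns about false positives from connection-hungry protocols and TIME_WAIT entries. The script below is an added example, not part of the original tutorial or of CSF: the function names and the sample data are constructed for illustration, and it approximates the per-IP count with `ss -Htn` output, which may differ from CSF's own connection tracking.

```shell
#!/bin/sh
# Added example (not from the original page): preview which client IPs
# are above CT_LIMIT right now, before CSF starts blocking them.

# Print the numeric CT_LIMIT from a csf.conf-style file (last assignment wins).
ct_limit_value() {
    sed -n 's/^[[:space:]]*CT_LIMIT[[:space:]]*=[[:space:]]*"\([0-9][0-9]*\)".*/\1/p' \
        "${1:-/etc/csf/csf.conf}" | tail -n 1
}

# Read `ss -Htn` output on stdin; print "count ip" for each peer whose
# connection count is greater than the limit ($1), busiest first.
over_limit() {
    awk -v limit="$1" '
        NF >= 5 {
            peer = $5                    # Peer Address:Port column
            sub(/:[0-9]+$/, "", peer)    # drop the port
            gsub(/^\[|\]$/, "", peer)    # unwrap [IPv6] addresses
            count[peer]++
        }
        END {
            if (limit + 0 == 0) exit     # CT_LIMIT = "0" disables the feature
            for (ip in count)
                if (count[ip] > limit + 0) print count[ip], ip
        }' | sort -rn
}

# Constructed sample in `ss -Htn` format: 5 connections from 203.0.113.10,
# 2 from 198.51.100.7, 1 from 2001:db8::5 (documentation address ranges).
sample_ss() {
    for port in 50001 50002 50003 50004 50005; do
        echo "ESTAB 0 0 192.0.2.1:443 203.0.113.10:$port"
    done
    echo "TIME-WAIT 0 0 192.0.2.1:80 198.51.100.7:41000"
    echo "ESTAB 0 0 192.0.2.1:80 198.51.100.7:41001"
    echo "ESTAB 0 0 [2001:db8::1]:443 [2001:db8::5]:52000"
}

# Demo on the constructed sample with a constructed limit of 3.
sample_ss | over_limit 3

# On a live server (as root), use the real limit and live connections:
#   ss -Htn | over_limit "$(ct_limit_value)"
```

If known-good clients such as a reverse proxy or a monitoring host show up in the live output, the limit is too low for that server's normal traffic.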


About the Author

mkyong