Related

How can I allow IGMP-traffic in FirewallD? Question Question
How to stop udp/tcp ddos attack? Question Question

Question

Is it possible to do rate limiting to the droplet

Posted June 11, 2019 3.8k views
CentOSFirewall

Hi team,

I’m looking for a mechanism to block the IP addresses on an incremental time block upon too many request.

  1. If a user sends 7-10 HTTP Requests in a second the IP should be blocked from accessing my server for 10 mins, again if it violates it should be blocked for 15 mins, 20 mins and so on.

Rather than using an application in server level like Fail2Ban. Can we do it from digital ocean console ?

Regards
Karthik. K

Add a comment
karthikkanthaswamy
By:
karthikkanthaswamy

Related

How can I allow IGMP-traffic in FirewallD? Question Question
How to stop udp/tcp ddos attack? Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
3 answers
jtittle June 11, 2019

@karthikkanthaswamy

While this is not something that can be done through our control panel, it can be accomplished by using the built-in functionality of NGINX or using mod_ratelimit on Apache.

Apache
https://httpd.apache.org/docs/2.4/mod/mod_ratelimit.html

NGINX
http://nginx.org/en/docs/http/ngx_http_limit_req_module.html

-

Additionally, there are third-party services, such as CloudFlare, which can provide more advanced options.

https://www.cloudflare.com/rate-limiting/

Reply Report
Taux1c June 12, 2019

I’m new and not 100% familiar with what you’re looking for but I limit my ssh and a few other ports with the limit option in the firewall.

Example if I wanted to limit standard ssh I would do it like this:

sudo ufw limit ssh/tcp

or

sudo ufw limit 22/tcp

Both will limit port 22.

Reply Report
  • Taux1c June 12, 2019

    The /tcp allows only a tcp connection to allow only udp you simply add /udp and to allow it on both you simply leave off the /* example: ufw limit ssh

    Reply Report
karthikkanthaswamy June 12, 2019

It’s not to directly block but incremental temporary block.

Reply Report

Related

Looking for something else?

Ask a new question Search for more help