07-08-2009 12:30 PM
Hi - What options are available to limit the # of connections that are arriving from certain IP addresses on our ServerIron infrastructure..Seeing unusually high # of concurrent requests from certain locations which are suspicious...
07-08-2009 12:33 PM
There are a number of options available
You can limit the number of connections for specific clients (based on client's subnet/subnet mask) or you could specify a maximum number of connections for all clients (for a short period of time) while evaluating the source of suspicious connections which will allow existing valid clients
un-interrupted access to app service (web etc.). You can exclude certain clients from this global policy if required.
You can check the concurrent connections CCL section of Security admin manual for some examples code..
You can also control/limit the connection rate to real servers ports to a specified limit and log excessive usage in the event of Dos (DDos) attacks. Check here for further info