Currently we have a maximum number of requests to a URL per second and a maximum number of connections per source IP address. Consider the case where a user opens several connections at a time to the same URL. In that case, though we will restrict the number of connections per IP, some harm will still be done, as the attacker will use the connections up to the "maximum number of connections per source IP". We need to find a way to restrict the maximum number of connections per IP to a particular URL per second.
Can we block, for a certain time, an IP that is exceeding the maximum number of HTTP connections per IP?
You can achieve this by counting the number of connections not processing any HTTP request data (due to being blocked) using the NullConnection event.
Example:
QS_SrvMaxConn 100
QS_ClientEventBlockCount 10 300
QS_SetEnvIfStatus NullConnection QS_Block
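How the three values in the reply above interact, as an added example that is not part of the original thread and not mod_qos code: a simplified Python model in which a connection refused at the 100-connection limit counts as one QS_Block event and a client is blocked once it reaches 10 events within 300 seconds. The class and function names, the window handling and the sample addresses are assumptions made for illustration.

```python
SRV_MAX_CONN = 100    # QS_SrvMaxConn 100
BLOCK_LIMIT = 10      # QS_ClientEventBlockCount 10 300 (event count)
BLOCK_WINDOW = 300    # QS_ClientEventBlockCount 10 300 (seconds)


class BlockCounterModel:
    """Hypothetical per-IP counter; assumes the window starts at the first event."""

    def __init__(self, limit=BLOCK_LIMIT, window=BLOCK_WINDOW):
        self.limit, self.window = limit, window
        self.state = {}  # ip -> (event_count, window_start)

    def _current(self, ip, now):
        count, start = self.state.get(ip, (0, now))
        if now - start >= self.window:  # window elapsed: counter starts over
            count, start = 0, now
        return count, start

    def is_blocked(self, ip, now):
        return self._current(ip, now)[0] >= self.limit

    def mark_block_event(self, ip, now):
        # Stands in for "QS_SetEnvIfStatus NullConnection QS_Block".
        count, start = self._current(ip, now)
        self.state[ip] = (count + 1, start)


def handle_connection(model, ip, now, open_connections):
    """Return 'blocked', 'denied' or 'served' for one new connection."""
    if model.is_blocked(ip, now):
        return "blocked"  # assumption: not counted again while blocked
    if open_connections >= SRV_MAX_CONN:
        model.mark_block_event(ip, now)  # closed without any HTTP request
        return "denied"
    return "served"


def run_constructed_scenario():
    """Constructed input: saturated server, one client retrying every second."""
    model = BlockCounterModel()
    results = [handle_connection(model, "203.0.113.7", t, 100) for t in range(12)]
    # A different client hitting the same limit has its own counter.
    results.append(handle_connection(model, "198.51.100.9", 12, 100))
    # After the 300-second window the first client is evaluated normally again.
    results.append(handle_connection(model, "203.0.113.7", 301, 40))
    return results


if __name__ == "__main__":
    print(run_constructed_scenario())
```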