On Thu, Aug 18, 2011 at 9:29 PM, Les Mikesell lesmikesell@gmail.com wrote:
On 8/18/2011 2:15 PM, Rudi Ahlers wrote:
On Thu, Aug 18, 2011 at 9:09 PM, Always Learning centos@u61.u22.net wrote:
On Thu, 2011-08-18 at 21:01 +0200, Rudi Ahlers wrote:
I need to automatically block any user who abuses bandwidth, either incoming or outgoing. I should be able to set the limits, in either rate/s or usage/s: 1Mb/s or 10GB/h, for example.
First question is:
(a) how can you get the IP address ?
I don't fully understand your question? How do you get any IP address from any machine that connects to a server on the internet? netstat shows the IPs,
You said 'user' which may or may not map to a consistent, single, IP address.
Well, a 'user' is anyone accessing the server from the internet, so the IPs will change the whole time.
/var/log/http/access.log shows the IPs and I'm sure it's listed in other places as well.
Are these web browser clients, locally attached PCs, or what?
Web / SQL / SMTP / POP3 clients, connecting from the internet.
We currently use ntop to monitor the server's usage, but there's no way to automatically block an abusive IP.
What's 'abusive'? If they are using a web app, let the app monitor the connection of a logged-in user and handle them appropriately.
Yes, but no monitor can block their IP, that I'm aware of.
Ideally I would like to get a dedicated firewall, or dedicated Linux / UNIX firewall appliance for this purpose as it needs to monitor and protect a whole bunch of servers.
A separate box won't know what is going on. Suppose you have a remote mail server relaying in or out for a large number of users. The intermediate box will see a lot of smtp traffic to/from one IP, but it will correspond to a lot of users. Likewise for web users behind a company proxy.
For this very reason I need to exclude certain IPs from the limits.
--
Les Mikesell
lesmikesell@gmail.com
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
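
The following is an added example, not code from any poster in this thread: the per-IP hourly accounting discussed above, run over constructed access-log lines, with an exemption list for shared addresses such as mail relays and company proxies. The function name, the sample log and the scaled-down 1 GB/h limit are assumptions for illustration; it counts only HTTP response bytes recorded in the access log, not SMTP, POP3 or SQL traffic.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in Apache common log format (documentation-range IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [18/Aug/2011:20:05:11 +0200] "GET /iso/a.iso HTTP/1.1" 200 700000000
203.0.113.7 - - [18/Aug/2011:20:40:02 +0200] "GET /iso/b.iso HTTP/1.1" 200 600000000
198.51.100.20 - - [18/Aug/2011:20:15:30 +0200] "GET /big.tar HTTP/1.1" 200 2000000000
192.0.2.44 - - [18/Aug/2011:20:16:00 +0200] "GET /index.html HTTP/1.1" 200 5120
203.0.113.7 - - [18/Aug/2011:21:10:00 +0200] "GET /iso/c.iso HTTP/1.1" 200 300000000
192.0.2.44 - - [18/Aug/2011:21:11:00 +0200] "GET /missing HTTP/1.1" 404 -
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} (\d+|-)$')


def over_limit(log_text, limit_bytes_per_hour, exempt_networks=()):
    """Return {ip: (hour, bytes)} for each client whose busiest clock hour exceeds the limit."""
    exempt = [ipaddress.ip_network(n) for n in exempt_networks]
    usage = defaultdict(int)  # (ip, hour bucket) -> response bytes sent
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        ip, stamp, size = m.groups()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # hostname logged instead of an address
        if any(addr in net for net in exempt):
            continue  # shared address (relay, proxy): many users behind one IP
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        usage[(ip, when.strftime("%Y-%m-%d %H:00"))] += 0 if size == "-" else int(size)
    flagged = {}
    for (ip, hour), total in usage.items():
        if total > limit_bytes_per_hour and total > flagged.get(ip, ("", 0))[1]:
            flagged[ip] = (hour, total)
    return flagged


if __name__ == "__main__":
    # 198.51.100.0/24 stands in for an exempted company proxy range (assumption).
    for ip, (hour, total) in over_limit(SAMPLE_LOG, 10**9, ["198.51.100.0/24"]).items():
        print(f"{ip} sent {total} bytes in hour {hour}")
```

The returned addresses are candidates for a firewall block list; clock-hour buckets can miss a burst that straddles an hour boundary, so a sliding window is the stricter variant.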