
We have a websocket server that accepts connections. Unfortunately, for a reason that we have yet to identify, some clients go rogue and connect/disconnect/connect... in a loop at a very high frequency. This is a mess to deal with and penalizes other legit clients.

I added iptables rules to drop their traffic, but soon enough, another client starts to mess up. At the same time, a client who used to behave badly may start to behave normally again. It doesn't scale very well to edit iptables manually all day long.

Is there a way to dynamically block traffic from these clients who try to connect too often? I'd rather avoid doing that in the websocket server, because of course doing this takes resources away from other legit clients.

Jonas
Julien Genestoux

1 Answer


Yes, you can configure iptables to block a certain frequency of connection requests from a client:

http://www.debian-administration.org/articles/187

iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set

iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP

Basically limiting users to only connect 10 times a minute.

polynomial
  • Could this also be triggered by repeated requests for images? And I was under the impression that web sockets don't reconnect each time, but keep the connection open. – Matt Simmons Sep 19 '11 at 18:10
  • @polynomial, This doesn't only block websocket connections right? It blocks everything which means that normal web requests would be affected. – Pacerier Oct 25 '17 at 12:25