Question

I work for a site that often gets attacked by bot networks. We have started to use this tool: http://deflate.medialayer.com/ which auto-bans IPs that have more open connections than the set value. By default it's set to 150, we are currently using 250.

I would like to know, how low is safe so that search bots and normal visitors do not get blocked?


Solution

Modern browsers may open up to 250 connections in total (Firefox on Windows is limited to 48 in FF 8), and by default somewhere between 4 and 16 for a single server.

In Firefox the setting is named Network.http.max-connections-per-server and defaults to 8. AFAIK Chrome has a default of 6. However, because of delays on connection timeouts the number of open connections that DDOS Deflate gets from netstat might be higher, maybe up to 30-40.

So from what I've read in various search results, like this one on Lighttpd, 100 should be a safe number that won't ban regular users.

OTHER TIPS

I don't exactly know, but I have added a WARN_LIMIT feature to the ddos.sh script so that you can set a threshold that will not get banned but you will still get warned. So you can run this script for a while with conservative limits and then apply stricter limits after you get an idea about the real-world usage.

https://github.com/colinmollenhour/ddos-deflate
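
A dry-run form of the per-IP connection count discussed in the posts above, added here as an example and not taken from ddos.sh or from either poster: it tallies connections per remote address from `netstat -ntu` style output and labels each address ok, warn or ban. `BAN_LIMIT`, the function names and the sample rows (documentation-range addresses) are constructed assumptions; only `WARN_LIMIT` is a name from the page.

```shell
#!/bin/sh
# Added example: count connections per remote IP and classify them
# against a warn threshold and a ban threshold, without banning anything.
WARN_LIMIT=${WARN_LIMIT:-40}   # report only (name from the page)
BAN_LIMIT=${BAN_LIMIT:-100}    # hypothetical name for the ban threshold

# Reads `netstat -ntu` style lines on stdin.
# Prints "<count> <ip> <action>" per remote address, busiest first.
classify_connections() {
    awk -v warn="$WARN_LIMIT" -v ban="$BAN_LIMIT" '
        $1 ~ /^(tcp|udp)/ {            # skips the two netstat header lines
            addr = $5                  # foreign address, ip:port
            sub(/:[0-9]+$/, "", addr)  # strip the port, keep the address
            count[addr]++              # every state counts, TIME_WAIT too
        }
        END {
            for (ip in count) {
                action = "ok"
                if (count[ip] >= ban)       action = "ban"
                else if (count[ip] >= warn) action = "warn"
                print count[ip], ip, action
            }
        }' | sort -rn
}

# emit <remote-ip> <n> <state>: n constructed rows for one remote address
emit() {
    i=0
    while [ "$i" -lt "$2" ]; do
        echo "tcp 0 0 192.0.2.10:80 $1:$((40000 + i)) $3"
        i=$((i + 1))
    done
}

# Constructed sample input, not captured from a real server.
sample_netstat() {
    echo "Active Internet connections (w/o servers)"
    echo "Proto Recv-Q Send-Q Local Address Foreign Address State"
    emit 198.51.100.7 8 ESTABLISHED    # one browser, live connections
    emit 198.51.100.7 30 TIME_WAIT     # same browser, sockets not yet reaped
    emit 203.0.113.50 55 ESTABLISHED   # heavy but plausible client
    emit 203.0.113.99 180 SYN_RECV     # far above the ban threshold
}

sample_netstat | classify_connections
```

Feeding it live `netstat -ntu` output for a while before enforcing a limit shows how close ordinary visitors and crawlers come to the thresholds.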

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow