Linux IPTables: limit the number of HTTP requests from one IP per minute (for CentOs, RHEL and Ubuntu)


Protecting Your Web Server: Implementing IP-based Request Limiting with IPTables on Linux

In the face of relentless cyber attacks, safeguarding your web server becomes paramount. Recently, our server encountered a barrage of requests from a single IP address, causing severe strain on our resources. To mitigate such threats, we employed IPTables, the powerful firewall utility in Linux, to enforce restrictions on the number of requests from individual IPs.

IPTables Rule Implementation (For CentOS/RHEL)

In our case, the lifesaving rule we implemented using IPTables was:

-A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset

This rule limits the number of simultaneous TCP connections from a single source IP address to port 80. `--syn` matches only new connection attempts, and `connlimit` counts the connections that source already has open; once 20 are open, any further attempt from that IP is rejected with a TCP reset instead of being silently dropped. Note that this is a cap on concurrent connections, not on requests per minute: a client that keeps fewer than 20 connections open can still send many requests over them, and every client behind a shared NAT address counts against the same limit.

To apply this rule, follow these steps:

  1. Edit IPTables Configuration File. Open the file `/etc/sysconfig/iptables` using your preferred text editor.
  2. Add the Rule. Insert the above rule above the line that allows traffic to port 80. IPTables evaluates a chain top to bottom and stops at the first matching rule, so a limit placed after the ACCEPT rule would never be reached.
  3. Save the Changes. Save the file and exit the text editor.
  4. Restart IPTables Service. Execute the following command to apply the changes:
    # /sbin/service iptables restart

Upon completion, the IPTables service will be restarted, enforcing the new rule and restoring stability to your server.

Additional Example for Ubuntu Linux Distro

For Ubuntu Linux users, the process is slightly different. Below is an example of implementing a similar IPTables rule to limit requests from a single IP address on port 80:

sudo iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset

This command accomplishes the same objective as the previous rule; the rule itself is identical, but on Ubuntu it is entered directly on the command line with sudo instead of being added to /etc/sysconfig/iptables. Because `-A` appends to the end of the INPUT chain, check with `sudo iptables -S INPUT` that no earlier rule already accepts port 80, or the limit will never match. Rules added this way are also not kept across a reboot unless you save them (for example with the iptables-persistent package).
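Both the CentOS step that places the rule above the port 80 ACCEPT line and the Ubuntu command above depend on the same ordering requirement. The following script is an added example, not code from the original post: it checks a saved rules file (the /etc/sysconfig/iptables format, which is also what `iptables-save` prints on Ubuntu) and reports whether the connlimit REJECT rule is evaluated before the rule that accepts port 80. The sample rules it writes are constructed for the demonstration, and the helper assumes the ACCEPT rule ends in `--dport 80 -j ACCEPT`.

```shell
#!/bin/sh
# Added example (not part of the original post). iptables walks a chain top
# to bottom and stops at the first match, so a connlimit REJECT appended
# after the rule that ACCEPTs port 80 never fires. This helper checks a saved
# rules file for that ordering mistake before the service is restarted.

# Prints a verdict and returns 0 when the limit rule precedes the ACCEPT
# rule (or no ACCEPT rule exists), 1 when it comes after, 2 when no
# connlimit rule for port 80 exists at all.
# Assumption: the ACCEPT rule ends in "--dport 80 -j ACCEPT".
check_connlimit_order() {
    rules_file="$1"
    limit_line=$(grep -n -e '--dport 80 .*-m connlimit .*-j REJECT' "$rules_file" | head -n 1 | cut -d: -f1)
    accept_line=$(grep -n -e '--dport 80 -j ACCEPT' "$rules_file" | head -n 1 | cut -d: -f1)
    if [ -z "$limit_line" ]; then
        echo "no connlimit rule for port 80 in $rules_file"
        return 2
    fi
    if [ -z "$accept_line" ] || [ "$limit_line" -lt "$accept_line" ]; then
        echo "ok: connlimit rule (line $limit_line) is evaluated before the port 80 ACCEPT"
        return 0
    fi
    echo "misordered: connlimit rule at line $limit_line comes after ACCEPT at line $accept_line"
    return 1
}

# Writes a constructed CentOS-style rules file to $1. $2 selects where the
# limit rule lands: "before" (correct) or "after" (what -A produces when an
# ACCEPT rule for port 80 is already present).
write_sample_rules() {
    out="$1"
    placement="$2"
    limit='-A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset'
    {
        echo '*filter'
        echo ':INPUT ACCEPT [0:0]'
        echo ':FORWARD ACCEPT [0:0]'
        echo ':OUTPUT ACCEPT [0:0]'
        echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
        [ "$placement" = "before" ] && echo "$limit"
        echo '-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT'
        [ "$placement" = "after" ] && echo "$limit"
        echo '-A INPUT -j REJECT --reject-with icmp-host-prohibited'
        echo 'COMMIT'
    } > "$out"
}

# Stand-alone demonstration on the two constructed files.
demo() {
    tmp_good=$(mktemp)
    tmp_bad=$(mktemp)
    write_sample_rules "$tmp_good" before
    write_sample_rules "$tmp_bad" after
    check_connlimit_order "$tmp_good"
    check_connlimit_order "$tmp_bad" || echo "(exit status $?)"
    rm -f "$tmp_good" "$tmp_bad"
}

demo
```

To check a live system rather than a sample, run `sudo iptables-save > /tmp/rules.txt` and then `check_connlimit_order /tmp/rules.txt`; a return value of 1 means the limit rule needs to move above the ACCEPT rule.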

Conclusion

In the ever-evolving landscape of cybersecurity, proactive measures like IP-based request limiting are crucial for safeguarding your web infrastructure. By leveraging the capabilities of IPTables, you can fortify your defenses against malicious attacks and ensure the uninterrupted operation of your services.