About HAProxy in TCP mode. I want to set a limit on the number of packets that go through a session per second, say 400 packets/s. Is it possible to do this by setting up some rules in the config file? If not, any advice?
Oh, I see. It is possible. It is mentioned in the link below:
http://blog.exceliance.fr/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/
I am a bit stuck and need some hints, please.
My ISP seems to throttle single connections to 400 kbps, no matter if I use a VPN/SSH tunnel/proxy or a direct connection. For file transfer it's not a problem; I can use lftp with multiple connections, which gets me to 1 Gbps in up or down.
I have a few VPS and a dedicated server which I would like to use as a tunnel to overcome this limitation. I have already tried wireguard/openvpn/cloak/shadowsocks. Is there anything else that maybe creates multiple TCP or UDP connections to get things going?
Thanks,
Dennis
Is it possible to somehow implement a request size restriction on the HAProxy side? As I understand how HAProxy works, it passes data from the frontend socket to the backend. If it works at the HTTP level, it might detect the amount of data transferred during the session. And if this amount reaches some limit, e.g. 20 MB, it aborts the session. Is it possible to configure such logic somehow? Maybe Lua can help? But I do not want to collect all 20 MB in HAProxy memory, of course.
I'm using uIP along with mbed TLS to run a simple web server on a microcontroller, and host an HTTPS page.
The problem is: my chip only has enough RAM to handle one TLS connection at a time, but Firefox (and Chrome) tries to open multiple connections at once to load the images on the page. If I tell uIP to abort or close additional connections, Firefox assumes an error and gives up loading the rest of the page.
I can tell uIP to limit the total connections to 1, and in that case it just drops new SYN packets if there is already a connection. This actually works, as Firefox will wait and try again until the page is fully loaded. I can't use this as a solution, however, since I do need to allow more than 1 TCP connection total in order to handle other types of connections (I can serve a regular HTTP web page at the same time, for example). If I could tell uIP to limit connections on a specific port to 1 at a time, that may solve the problem, but I don't think uIP has that capability. I also don't see a way to force uIP to drop certain packets.
I've looked all over the web, but I can't find any information on running a web server using just one TCP connection at a time.
Does anyone have any ideas?
Thanks!
Marlon
Just ignore the SSL connection until you are ready to process it. Browsers should tolerate this.
I was wondering how I can find the "number of connections limit" for a web server.
In most of the cases I encountered, it is limited to 6 connections (meaning I can have 6 connections to this web server working at the same time).
Is there any request I can send over HTTP?
Could you be more precise? What kind of server? Any? For which OS?
If it's an Apache HTTP server, you should have a look in the settings file (should be /etc/httpd/conf/httpd.conf under Linux). Search for the MaxClients option.
For example, I use a small Apache server at home which can process 300 simultaneous requests (connections).
EDIT:
I think you won't be able to get the server specifications. You should try to overload it in order to guess its limits.
There's nothing like this in the HTTP standard, it aims to isolate HTTP requests from each other as much as possible. There might be a server-specific way to query this.
Depending on the architecture of your server, there could be a far greater number of TCP connections accepted than worker threads generating the HTTP responses, so you need to ask yourself what exactly you are interested in, and then just measure it with jmeter.
I am implementing a minimalistic web server application on a microcontroller. When I have several images (or CSS/JS) on the web page, the browser creates several connections and fetches them. But the microcontroller cannot keep up with this. Is there a way to tell the browser to stop pipelining and fetch them one by one?
Note: "Connection: close" is already in place.
I think "Connection: close" is exactly the wrong message. When the browser creates multiple connections, it precisely does not pipeline its requests - so ISTM that you want the browser to pipeline, instead of creating parallel connections.
So one step towards that would be to use HTTP 1.1, and keep the connection open. The browser would then reuse the TCP connection for further requests. This should allow the microcontroller to catch up.
Now, the browser might still try to create additional, parallel connections. The best reaction to that is to not accept any of these connections. So limit the number of parallel connections that you are serving (independent of client), and only read new requests when you are done reading the previous ones. In doing so, prefer to read from established connections over accepting new connections.
If you have access to the TCP stack of the controller, you might be able to tell what host a connection comes from, so you can accept connections from other browsers while limiting the number of connections from the same browser (something that you cannot do in the regular socket API).
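An added sketch, not taken from any of the posts and not uIP code, of the admission policy discussed in the uIP question and in the answer above: cap connections per local port and per client address, and silently drop the SYN when a cap is reached so the browser retries instead of seeing a failure. The connection table, the `on_syn`/`on_close` hooks and the limits are hypothetical; it assumes the TCP stack lets the application decide per incoming SYN.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_CONNS 4   /* total connection slots in the (hypothetical) stack */

/* Only two verdicts: a silent drop makes the browser retransmit its SYN,
   whereas the posts above report that an abort is treated as an error. */
enum syn_verdict { SYN_ACCEPT, SYN_DROP };

struct conn { uint8_t used; uint16_t lport; uint32_t raddr; };
struct port_limit { uint16_t lport; uint8_t max_total; uint8_t max_per_host; };

static struct conn conns[MAX_CONNS];

/* Constructed policy: one TLS session at a time on 443; two plain HTTP
   connections on 80, at most one per client address. */
static const struct port_limit limits[] = { {443, 1, 1}, {80, 2, 1} };

/* Decide the fate of a SYN for local port lport from address raddr.
   On SYN_ACCEPT a slot is reserved and its index is stored in *slot. */
enum syn_verdict on_syn(uint16_t lport, uint32_t raddr, int *slot)
{
    uint8_t max_total = MAX_CONNS, max_per_host = MAX_CONNS; /* unlisted port */
    int free_slot = -1, total = 0, same_host = 0;

    for (size_t i = 0; i < sizeof limits / sizeof limits[0]; i++)
        if (limits[i].lport == lport) {
            max_total = limits[i].max_total;
            max_per_host = limits[i].max_per_host;
        }
    for (int i = 0; i < MAX_CONNS; i++) {
        if (!conns[i].used) {
            if (free_slot < 0) free_slot = i;
        } else if (conns[i].lport == lport) {
            total++;
            if (conns[i].raddr == raddr) same_host++;
        }
    }
    if (free_slot < 0 || total >= max_total || same_host >= max_per_host)
        return SYN_DROP;            /* no reply: the client retries later */

    conns[free_slot] = (struct conn){ 1, lport, raddr };
    *slot = free_slot;
    return SYN_ACCEPT;
}

/* Free the slot when the connection closes or is aborted. */
void on_close(int slot) { conns[slot].used = 0; }
```

Per-address counting treats every client behind one NAT address as a single host, so the per-host cap should stay below the per-port total only where that is acceptable.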
"Pipelining" is something else; it means that the user agent sends additional requests on the same connection although the first one didn't complete yet (see http://greenbytes.de/tech/webdav/rfc2616.html#pipelining).
"Connection: close" doesn't seem to be relevant; that being said: is there a reason why you don't want the connection reused?
With respect to your question: no, I don't think you can prevent clients from doing that. Did you try limiting the maximum number of open connections on your server?
Same problem... However, Firefox loads my site very fast, unlike Opera. I have not invented anything better than rejecting connections at an initial stage: SYN. I'm just answering with the RST flag. But probably it doesn't suit Opera.
My device supports only two simultaneous connections.