CSF – How to limit the number of connections per IP address ?

firewall

In the ConfigServer Security & Firewall (CSF) configuration file, update the CT_LIMIT value to limit the number of connections per IP address. This is a simple trick to prevent some types of Denial of Service (DOS) attack.

Note
To stop the Denial of Service (DoS) attack immediately, read this null route example.

1. /etc/csf/csf.conf

SSH into your server as root. Edit the /etc/csf/csf.conf file.

Terminal
$ ssh [email protected] #login as root

$ vim /etc/csf/csf.conf

2. CT_LIMIT

Find CT_LIMIT and update it to 150, this means if the total number of connections to the server is more than 150, the IP address will be blocked. Save & exit.

/etc/csf/csf.conf
###############################################################################
# SECTION:Connection Tracking
###############################################################################
# Connection Tracking. This option enables tracking of all connections from IP
# addresses to the server. If the total number of connections is greater than
# this value then the offending IP address is blocked. This can be used to help
# prevent some types of DOS attack.
#
# Care should be taken with this option. It's entirely possible that you will
# see false-positives. Some protocols can be connection hungry, e.g. FTP, IMAPD
# and HTTP so it could be quite easy to trigger, especially with a lot of
# closed connections in TIME_WAIT. However, for a server that is prone to DOS
# attacks this may be very useful. A reasonable setting for this option might
# be around 300.
#
# To disable this feature, set this to 0
CT_LIMIT = "150"

3. Restart CSF

$ csf -r
  • Email, SSL
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

What virtualization software do you use?

We use Parallels Virtuozzo Containers (PVC).

Why is my VPS constantly crashing?

There are several causes to why you may not be able to access your VPS. Some users often mistake...

What kind of support do you offer?

We offer Fully Managed VPS packages. For a list of items that we support, please refer to the...

What kind of software can I install on my VPS?

As you have full root access, you may install any compatible software on your VPS. However, any...

What is Virtuozzo?

Virtuozzo is the VPS technology created by SWsoft which allow us to create isolated VPS servers...