Limit incomming http/s connections per IP Address?

Hi Tim,

Are you looking to restrict source packets per second? Then please go to Network Protection> Intrusion Prevention > AntiDoS/ Flooding. Refer https://community.sophos.com/kb/hu-hu/115154 for further help.

Thanks

Does this restriction work on all http traffic or just TCP SYN attacks? So if you have an automated process that runs and submits too many legitimate requests to your API, would the IPS settings throttle the requests per second?

Tim, please share the reason for this question - what problem are you trying to address with this?

Cheers - Bob

HI TIm , 

As the KB article provided by Sachin go to section 

Anti-DoS/Flooding

For sessions per address you may configure the TCP flag . But this may affect the multiple sessions to the same host . 

TCP SYN Flood Protection

To employ TCP SYN flood protection, enable "Use TCP SYN Flood Protection" 

 Mode: The following modes are available: 

•  Both source and destination addresses: Select this option if you want to drop SYN packets that match both source and destination IP address. First, SYN packets are filtered that match the source IP address. Second, if there are still too many requests they will additionally be filtered according to the destination IP address. This mode is set as default. 
•  Destination address only: Select this option if you want to drop SYN packets according to the destination IP address only. 
• Source address only: Select this option if you want to drop SYN packets according to the source IP address only. 

Logging: This option lets you select the log level. The following levels are available: 

• Off: Select this log level if you want to turn logging completely off. 
• Limited: Selecting this log level will limit logging to five packets per second. This level is set as default. 
• Everything: Select this log level if you want verbose logging for all SYN (TCP) connection attempts. Note that SYN (TCP) flood attacks may lead to extensive logging. 
•  Source Packet Rate: Here you can specify the rate of packets per second that is allowed for source IP addresses. 
•  Destination Packet Rate: Here you can specify the rate of packets per second that is allowed for destination IP addresses. 

  Note: It is important to enter reasonable values here, for if you set the rate too high, your web server, for instance, might fail because it cannot deal with such an amount of SYN (TCP) packets. On the other hand, if you set the rate too low, your firewall might show some unpredictable behavior by blocking regular SYN (TCP) requests. Reasonable settings for every system heavily depend on your hardware. Therefore, replace the default values by numbers that are appropriate for your system. Click Apply and your settings will be saved.

Taken from article 115154

Note : This may affect downloads and may affect slow browsing and the value should be set by testing on a PC . Background services are also taken into consideration .

Thanks and regards

Aditya Patel | Network and Security Engineer.

HI TIm , 

As the KB article provided by Sachin go to section 

Anti-DoS/Flooding

For sessions per address you may configure the TCP flag . But this may affect the multiple sessions to the same host . 

TCP SYN Flood Protection

To employ TCP SYN flood protection, enable "Use TCP SYN Flood Protection" 

 Mode: The following modes are available: 

•  Both source and destination addresses: Select this option if you want to drop SYN packets that match both source and destination IP address. First, SYN packets are filtered that match the source IP address. Second, if there are still too many requests they will additionally be filtered according to the destination IP address. This mode is set as default. 
•  Destination address only: Select this option if you want to drop SYN packets according to the destination IP address only. 
• Source address only: Select this option if you want to drop SYN packets according to the source IP address only. 

Logging: This option lets you select the log level. The following levels are available: 

• Off: Select this log level if you want to turn logging completely off. 
• Limited: Selecting this log level will limit logging to five packets per second. This level is set as default. 
• Everything: Select this log level if you want verbose logging for all SYN (TCP) connection attempts. Note that SYN (TCP) flood attacks may lead to extensive logging. 
•  Source Packet Rate: Here you can specify the rate of packets per second that is allowed for source IP addresses. 
•  Destination Packet Rate: Here you can specify the rate of packets per second that is allowed for destination IP addresses. 

  Note: It is important to enter reasonable values here, for if you set the rate too high, your web server, for instance, might fail because it cannot deal with such an amount of SYN (TCP) packets. On the other hand, if you set the rate too low, your firewall might show some unpredictable behavior by blocking regular SYN (TCP) requests. Reasonable settings for every system heavily depend on your hardware. Therefore, replace the default values by numbers that are appropriate for your system. Click Apply and your settings will be saved.

Taken from article 115154

Note : This may affect downloads and may affect slow browsing and the value should be set by testing on a PC . Background services are also taken into consideration .

Thanks and regards

Aditya Patel | Network and Security Engineer.