How To Limit Maximum Connections In Your Server

Most download managers, such as IDM and DAP, try to establish parallel connections to a download server so the user gets a faster download speed. On the other hand, the number of connections per user multiplied by the number of users connecting at once can take the server down. This article shows you how to limit the maximum number of connections coming from a single IP to your server to avoid traffic flooding. This is useful if you want to build a file-sharing site or a RapidLeech transloading server.

That’s not all. Most modern web browsers also open multiple connections to a server to speed up page loading. So it is good practice to always set a maximum number of connections allowed from any single IP. However, allowing only a single connection per IP is not a good idea either, as users will find your website too slow to load compared to other sites. Most servers set the limit to 20 maximum connections at once, but that number is really up to the admin. There is no exact number you have to set. This way you can restrict the maximum number of connections allowed from a single IP to your server on port 80 (the default HTTP port).

P.S.: Every time I say “server” I mean either a VPS (virtual private server) or a dedicated server. In this guide I use an Ubuntu-based server, but other distros should be similar (not exactly the same, but similar).

Firewall Config: Using Iptables

Step 1 – Log in to your server via SSH. Again, I will not explain this any more. Browse all my basic tutorials.

Step 2 – Issue the following command to add an iptables rule that restricts connections from a single IP to N. Of course, change N to the number you want.

Default command syntax for Firewall config:

iptables -A INPUT -p tcp --syn --dport $port -m connlimit --connlimit-above N -j REJECT --reject-with tcp-reset

Change $port to the port number on which you wish to limit connections: 80 for HTTP, or 22 for SSH (if you never changed it). For example, to limit each IP to a maximum of 20 allowed connections:

iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset

This specific command limits SSH connections from a single IP to only 3:

iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 3 -j REJECT

Or this syntax in RedHat and friends:

/sbin/iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset

Step 3 – Once done, you also need to save that configuration. On RedHat and friends you can use this command:

service iptables save

Or save the currently active iptables rules to a file using this command (Ubuntu, Debian and friends):

iptables-save > /etc/iptables.up.rules

Step 4 – However, if you follow only the steps above, the Iptables rules are lost each time the server is rebooted, so you also need to reload them at boot.

First, let's create a new file that runs each time a network interface is about to be brought up:

nano /etc/network/if-pre-up.d/iptables

Step 5 – Once the Nano editor is launched, add the following lines to reload the Iptables rules:

#!/bin/bash
/sbin/iptables-restore < /etc/iptables.up.rules

Once done, hit Control+O to save, then Control+X to exit the Nano text editor.

Step 6 – Now all you need to do is set the +x permission so that the newly created file can be executed:

chmod +x /etc/network/if-pre-up.d/iptables

That is it. By following steps 3 – 6 above, your Iptables config will be retained and reloaded whenever you reboot your server.

Here is an example. I set my server to allow a maximum of 5 connections:

Before:

[screenshot: before config]

And here’s after:

[screenshot: after iptables config]
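
One way to check per-IP connection counts before choosing N and again after the rule is in place. This is an added example, not part of the original article; the helper names over_limit and sample_ss_output are hypothetical, and the sample lines are constructed from documentation address ranges:

```shell
#!/bin/sh
# Added example: count established connections per client IP on one local
# port and list clients above a limit. Input is `ss -tn` style lines on stdin.
# ESTAB lines only, so the result approximates what connlimit counts.

over_limit() {   # usage: ss -Htn | over_limit PORT LIMIT
    awk -v port="$1" -v limit="$2" '
        $1 == "ESTAB" {
            lport = $4; sub(/.*:/, "", lport)   # local port = text after last colon
            if (lport + 0 != port + 0) next
            peer = $5
            sub(/:[0-9]+$/, "", peer)           # drop the client source port
            gsub(/^\[|\]$/, "", peer)           # unwrap [IPv6] brackets
            count[peer]++
        }
        END {
            for (ip in count)
                if (count[ip] > limit + 0) print count[ip], ip
        }' | sort -rn
}

# Constructed sample input (not real traffic): State Recv-Q Send-Q Local Peer
sample_ss_output() {
    cat <<'EOF'
ESTAB     0 0 203.0.113.10:80   198.51.100.7:51001
ESTAB     0 0 203.0.113.10:80   198.51.100.7:51002
ESTAB     0 0 203.0.113.10:80   198.51.100.7:51003
ESTAB     0 0 203.0.113.10:80   198.51.100.7:51004
ESTAB     0 0 203.0.113.10:80   198.51.100.7:51005
TIME-WAIT 0 0 203.0.113.10:80   198.51.100.7:51006
ESTAB     0 0 [2001:db8::10]:80 [2001:db8::9]:40001
ESTAB     0 0 [2001:db8::10]:80 [2001:db8::9]:40002
ESTAB     0 0 203.0.113.10:80   198.51.100.20:42000
ESTAB     0 0 203.0.113.10:22   198.51.100.20:42001
EOF
}

# Demo: which clients hold more than 3 connections to port 80?
sample_ss_output | over_limit 80 3
```

On a live server, pipe `ss -Htn` into over_limit with the same port and N used in the iptables rule.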

Other Useful Iptables Commands

This command allows you to see current Iptables rules:

iptables -L

Need to undo the configuration above and bring Iptables back to its default config? Use this command to flush all currently active Iptables rules:

iptables -F

Enjoy..
