[389-users] Safeguarding against too many established connections

Angel Bosch Mora angbosch at conselldemallorca.net
Tue Oct 19 10:28:50 UTC 2010


----- Original message -----
> On 10/19/2010 12:11 PM, Gerrard Geldenhuis wrote:
> > Hi, we have recently seen an issue where a single client opened up
> > more than 800 established connections to our directory server. The
> > client did have the proper settings configured and should have
> > closed connections but it didn't. Is there a way to limit the amount
> > of connections per client or close connections from the server side
> > after a certain period? Without just making the amount of
> > connections ridiculously high on the directory server, how can you
> > safeguard against rogue clients?
> >
> > Our client setting is as follows:
> > idle_timelimit 5
> > timelimit 10
> > bind_timelimit 5
> >
> > We were unable to log into the client and it had file system issues so
> > we could not do any further analysis there.
> >
> > I suspect that solutions to this problem probably fall outside of
> > what can be configured in 389?
> 
> While it's not a 389-specific suggestion, iptables could easily solve
> this problem for you across the board. :)
> 

There's also a setting to close idle connections after X seconds. It is somewhere in the 389 console; I can't remember exactly where now.


abosch
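
An added example, not part of the original thread: a shell sketch that counts established connections per client from `ss -tn` output and prints an iptables `connlimit` rule of the kind suggested above. The port (389), the thresholds, the function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
LDAP_PORT=389   # assumption: directory server on the standard LDAP port

# Read `ss -tn` output on stdin; print "<count> <peer>" for each peer with
# ESTABLISHED connections to LDAP_PORT, busiest peer first.
count_clients() {
    awk -v port="$LDAP_PORT" '
        $1 == "ESTAB" && $4 ~ (":" port "$") {
            peer = $5
            sub(/:[0-9]+$/, "", peer)   # drop the client source port
            n[peer]++
        }
        END { for (p in n) print n[p], p }
    ' | sort -k1,1nr
}

# Print only the peers holding more than $1 connections.
over_limit() {
    count_clients | awk -v max="$1" '$1 > max { print $2 }'
}

# Print (do not apply) an iptables connlimit rule capping each source at $1.
connlimit_rule() {
    printf '%s\n' "iptables -A INPUT -p tcp --syn --dport $LDAP_PORT -m connlimit --connlimit-above $1 -j REJECT --reject-with tcp-reset"
}

# Constructed sample input (documentation addresses), not from a real host.
sample_ss() {
    cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB      0      0      192.0.2.10:389       198.51.100.7:40112
ESTAB      0      0      192.0.2.10:389       198.51.100.7:40113
ESTAB      0      0      192.0.2.10:389       198.51.100.7:40114
ESTAB      0      0      192.0.2.10:389       198.51.100.7:40115
TIME-WAIT  0      0      192.0.2.10:389       198.51.100.7:40001
ESTAB      0      0      192.0.2.10:22        198.51.100.7:50022
ESTAB      0      0      192.0.2.10:389       198.51.100.20:38110
ESTAB      0      0      [2001:db8::10]:389   [2001:db8::5]:51000
EOF
}

sample_ss | over_limit 3     # prints 198.51.100.7
connlimit_rule 50
```

On a live server, replace `sample_ss` with `ss -tn`; the rule is only printed so it can be reviewed before being applied as root.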


