Re: Limiting number of connections to PostgreSQL per IP (not per DB/user)?

From: Heiko Wundram <modelnine(at)modelnine(dot)org>
To: Filip Rembiałkowski <plk(dot)zuber(at)gmail(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Limiting number of connections to PostgreSQL per IP (not per DB/user)?
Date: 2011-11-29 22:18:43
Message-ID: 4ED55A43.1000409@modelnine.org
Lists: pgsql-general

On 29.11.2011 20:44, Filip Rembiałkowski wrote:
> no easy, "standard" way of doing this in postgres.
> before we go into workarounds - what's the underlying OS?

Okay, that's too bad that there's no standard way for this. The
underlying OS is Linux (Gentoo, to be exact), and I'd already thought
about setting up some form of iptables firewalling, but there's no real
framework for this (i.e., "count" the number of connected TCP-sockets
that originate from a single client) in iptables, only for connection
throttling from the same source (which won't cut it, as there are
"spikes" in connection setup where many connections are created almost
at once, meaning that hashlimit or recent and the like are simply not
suited to the task at hand. I just need/want to give a "hard" upper
limit on the number of simultaneous connections from a single client as
an Anti-DoS-measure - the clients aren't hostile, but their programming
is broken...).

Is there (meaning do you know of) any form of generic TCP socket proxy
that can achieve this? I've looked through portage (the Gentoo package
set) to find something applicable, but none of the socket proxy packages
I found were able to connection-limit based on source IP out of the box,
either...

Anyway, thanks for your feedback!

--
--- Heiko.
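
An added example, not part of the original message: a minimal asyncio TCP proxy that enforces a hard cap on simultaneous connections per source IP, the behaviour the post asks for, as opposed to a rate limit. The class and function names, the listen port 6432, the backend address and the cap of 10 are assumptions made for illustration.

```python
# Added example (not from the thread); ports, backend and cap are illustrative assumptions.
import asyncio
from collections import Counter

class PerIPLimiter:
    """Tracks open connections per source IP; a concurrency cap, not a rate limit."""
    def __init__(self, max_per_ip):
        self.max_per_ip = max_per_ip
        self.open = Counter()

    def acquire(self, ip):
        if self.open[ip] >= self.max_per_ip:
            return False              # at the cap: caller drops the new connection
        self.open[ip] += 1
        return True

    def release(self, ip):
        self.open[ip] -= 1
        if self.open[ip] <= 0:
            del self.open[ip]         # forget idle clients so the table stays small

async def pipe(reader, writer):
    try:                              # copy one direction until EOF or reset
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    except ConnectionError:
        pass
    finally:
        writer.close()

def make_handler(limiter, backend_host, backend_port):
    async def handle(client_r, client_w):
        ip = client_w.get_extra_info("peername")[0]
        if not limiter.acquire(ip):
            client_w.close()          # refused before a backend slot is used
            return
        try:
            back_r, back_w = await asyncio.open_connection(backend_host, backend_port)
            await asyncio.gather(pipe(client_r, back_w), pipe(back_r, client_w))
        except OSError:
            client_w.close()          # backend unreachable
        finally:
            limiter.release(ip)       # slot is free the moment the connection ends
    return handle

async def serve(listen_port=6432, backend=("127.0.0.1", 5432), max_per_ip=10):
    handler = make_handler(PerIPLimiter(max_per_ip), *backend)
    async with await asyncio.start_server(handler, "0.0.0.0", listen_port) as server:
        await server.serve_forever()
```

Behind a proxy like this, PostgreSQL sees the proxy's address as the client, so any address-based rules in `pg_hba.conf` have to be written with that in mind.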
