What's the optimal "Dynamic IP Restriction Settings" in IIS8

So I have turned this on in my Azure cloud service site to try to mitigate spiders and bots hitting us an absurd number of times.

Has anyone had any experience with these settings?

Deny IP address based on the number of concurrent requests: Maximum number of concurrent requests?

Deny IP address based on the number of requests over a period of time: Maximum number of requests? Time period (in milliseconds)?

dimoss asked Feb 11 '13 02:02




2 Answers

An experimental approach to find sensible settings

I have recently been experimenting with these settings to decide on values for our production site.

We determined the maximum number of requests a single (request-heavy) page generates, and multiplied that by 2.5 to get the maximum number of requests over time. For the time value I chose 200ms.

Manual testing shows that these settings work fine for "normal" usage. We managed to get some 403 Forbidden responses when we simultaneously reloaded the page in 5 or more tabs in the browser.

Something you have to keep in mind is that many users of your website may be sitting behind the same proxy, so the Dynamic IP Restrictions consider these users to be only one. With the rather short window of 200ms I expect that this will not be a problem, while still blocking aggressive DoS attacks to some extent.

Also, we do not restrict the number of simultaneous connections. It is nearly impossible to find a sensible number here, as the number of different clients is potentially unbounded.

Note that the number of requests a single page (take the one with the most requests) generates is highly relevant to getting useful settings. E.g. if a page load of your front page generates 10 requests to your server, these will come in a very short time span, so your restrictions must have a higher threshold.

Update April 2015

Our service has been running for over a year with these settings, and we've been quite happy so far.

theDmi answered Sep 18 '22 04:09



Some people do not have access to a server, or like me they are not satisfied by the Dynamic IP restriction, so I have made a script for ASP classic.

You can place it on the webpage you want (homepage and/or internal). It uses a MySQL DB. In the example I have set a ban for each IP loading 3 webpages in 3 seconds (that is not a normal activity). I just want to block every flooding, aspiration script, ddos, bot or annoying access to my website.

  1. YOU NEED TO CREATE A MYSQL DATABASE :

     CREATE TABLE `banip` (
       `id` int(11) NOT NULL auto_increment,
       `IP` char(15) default NULL,   -- 15 chars only fits an IPv4 address
       `dtime` time default NULL,
       PRIMARY KEY  (`id`),
       KEY `IP` (`IP`)
     ) ENGINE=MyISAM DEFAULT CHARSET=latin1;

  2. YOU NEED TO PUT THE ASP CODE WHERE IT IS NEEDED

  3. PLUS A TINY ADMIN WEBPAGE mybanipadm.asp (you can change the filename)

ASP CLASSIC CODE :

<%
' ***PUT THIS CODE AT THE TOP OF THE WEBPAGE YOU WANT TO PROTECT***
' COULD BE HOME PAGE AND/OR INTERNAL PAGE
' THE BAN IS PERSISTENT UNTIL THE SERVER RESTARTS (it lives in Application state, not in the DB)
response.buffer = true
' REMOTE_ADDR is set by IIS from the TCP connection, not by the client, so it is
' safe to concatenate into the SQL below (a forwarded-for header would not be)
IP = Request.ServerVariables("REMOTE_ADDR")

'IP WHITELIST - SEPARATE EACH IP WITH A | (keep the trailing |)
IPWL = "127.0.0.1|"

' match whole addresses only: a bare instr(IPWL,IP) would also match 27.0.0.1 inside 127.0.0.1|
if instr("|" & IPWL, "|" & IP & "|") then
  'do nothing, the ip is whitelisted
else

  'CHECK IF THERE IS A BAN THAT MATCHES THE CURRENT IP
  if Application("mybanip") <> "" then
    if instr("|" & Application("mybanip"), "|" & IP & "|") then
      ' RESPONSE EXAMPLE WHEN ACCESS DENIED (CHOOSE ONE OR MAKE YOUR OWN)
      'Response.Status = "403 Forbidden"
      'Response.Status = "404 Not Found"
      'response.redirect "banned.html"
      response.write "You are going too fast !"
      session.abandon
      response.end
    end if
  end if

  ' THE TIME NOW (vbLongTime: expects a 24-hour server locale; the 3-second window does not span midnight)
  dtime = FormatDateTime(now(),3)

  'we can decide to run it at specified times only
  'if dtime >= "00:00:00" and dtime < "05:00:00" then

  ' PREPARE TO CHECK DATABASE FOR THE LAST 3 SECONDS ACTIVITY
  secfrom = DateAdd("s",-3,now()) 'value you can change is -3 (seconds)
  secfrom = FormatDateTime(secfrom,3)

  ' ***OPEN THE CONNECTION STRING (USE YOUR OWN OR MODIFY THIS)***
  Set conn = Server.CreateObject("ADODB.Connection")
  conn.Open "DRIVER={MySQL ODBC 3.51 Driver};server=127.0.0.1;uid=LOGIN;pwd=PSW;Database=DBNAME;"

  ' ***EVERYTHING BELOW MUST BE PUT AFTER THE CONNECTION STRING IS OPENED***

  ' POPULATE DATABASE WITH THE CURRENT IP AND TIME
  SQL = "INSERT INTO BANIP (IP,DTIME) values('" & IP & "','" & dtime & "')"
  conn.execute(SQL)

  ' CHECK IF THERE IS A SPAM ACTIVITY FOR THE CURRENT IP
  SQL = "SELECT COUNT(IP) as nbfound FROM BANIP WHERE IP='" & IP & "' AND dtime BETWEEN '" & secfrom & "' AND '" & dtime & "'"
  set rsIPCount = conn.Execute(SQL)
  if not rsIPCount.Eof then
    ipcount = clng(rsIPCount("nbfound"))
  else
    ipcount = 0
  end if
  rsIPCount.Close
  set rsIPCount = nothing

  ' IF THERE ARE AT LEAST 3 WEBPAGES LOADED IN 3 SECONDS THEN SET A BAN
  ' (this request is still served; the ban applies from the next one)
  if ipcount >= 3 then 'value you can change is 3 (webpage)
    application.lock
    Application("mybanip") = Application("mybanip") & IP & "|"
    application.unlock
  end if

  ' DELETE ALL ENTRIES EVERY 2 MINUTES FOR PERFORMANCE
  if Application("mybanipdel") = "" then
    Application("mybanipdel") = dtime
  elseif datediff("n", Application("mybanipdel"), dtime) >= 2 or datediff("n", Application("mybanipdel"), dtime) < 0 then 'value you can change is 2 (minutes)
    conn.execute "DELETE FROM BANIP"
    Application("mybanipdel") = FormatDateTime(now(),3)
  end if

  conn.Close
  set conn = nothing
  SQL = ""
  IP = ""
end if
%>

admin page mybanipadm.asp

<html>
<head>
<title>My admin</title>
</head>
<body>
<%
if request.querystring("disconnect")="yes" then
  session("adm") = ""
end if

' ***CHANGE THESE VALUES***
login = "login"
passw = "pass"

if request.form("LogMe")<>"" and (request.form("login")=login and request.form("passw")=passw) then
  session("adm") = "logged"
elseif session("adm") = "" then
  response.write "<p>Please log-in :</p> <form method=""post""><input type=""text"" size=""15"" name=""login"" placeholder=""login""> <input type=""password"" size=""15"" name=""passw"" placeholder=""password""><input type=""submit"" name=""LogMe""></form>"
  response.end
end if

' the clear action must sit after the login check above, otherwise an
' unauthenticated ?clear=yes empties the whole ban list
if request.querystring("clear")="yes" then
  application.lock
  Application("mybanip") = ""
  application.unlock
end if

response.write "<p><a href=""?disconnect=yes"">Disconnect from the admin</a> - <a href=""?clear=yes"">Clear all ip</a></p>"

if request.form("unban")<>"" and request.form("ipban")<>"" then
  application.lock
  ' remove the whole address only (a bare replace of "1.2.3.4|" would also truncate "11.2.3.4|")
  banlist = "|" & Application("mybanip")
  banlist = replace(banlist, "|" & request.form("ipban") & "|", "|")
  Application("mybanip") = mid(banlist, 2)
  application.unlock
  ' the submitted value is echoed back into the page, so encode it
  response.write "<p>IP : <b>" & Server.HTMLEncode(request.form("ipban")) & "</b> has been unbanned !</p>"
end if

response.write "Unban this IP : <form method=""post""><input type=""text"" size=""15"" maxlength=""15"" name=""ipban"" placeholder=""000.000.000.000""> <input type=""submit"" name=""Unban"" value=""Unban""></form>"

response.write "<p>IP CURRENTLY BANNED</p>" & replace(Application("mybanip"),"|","<br>")
%>
</body>
</html>
David answered Sep 19 '22 04:09

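An added example, not code from either answer or from IIS: a small Python model of the two per-IP counting schemes on this page, the IIS "requests over a period" threshold sized with theDmi's rule of thumb (sub-requests of the heaviest page times 2.5, over 200 ms) and David's persistent ban after 3 hits in 3 seconds with its admin unban. The request counts, spacing and IP addresses are constructed for the demonstration.

```python
from collections import defaultdict, deque


class IpRateLimiter:
    """Sliding-window request counter per client IP.  max_requests/window_ms
    model IIS's "number of requests over a period of time" setting; with
    persistent_ban=True an IP that trips the limit stays blocked until it is
    unbanned, as in the ASP script (whose list lives until the server restarts)."""

    def __init__(self, max_requests, window_ms, persistent_ban=False):
        self.max_requests = max_requests
        self.window_ms = window_ms
        self.persistent_ban = persistent_ban
        self._hits = defaultdict(deque)  # ip -> request times (ms) in window
        self.banned = set()

    def request(self, ip, t_ms):
        """Return True if the request is served, False if it gets a 403."""
        if ip in self.banned:
            return False
        q = self._hits[ip]
        while q and t_ms - q[0] > self.window_ms:  # drop hits outside window
            q.popleft()
        q.append(t_ms)
        if len(q) > self.max_requests:
            if self.persistent_ban:
                self.banned.add(ip)
            return False
        return True

    def unban(self, ip):  # what the mybanipadm.asp "Unban this IP" form does
        self.banned.discard(ip)
        self._hits.pop(ip, None)


def iis_threshold(requests_per_page, factor=2.5):
    """theDmi's sizing rule: sub-requests of the heaviest page times 2.5."""
    return int(requests_per_page * factor)


def simulate_page_loads(limiter, ip, tabs, requests_per_page, spacing_ms=5):
    """Reload one page in `tabs` browser tabs at once (constructed traffic);
    each load fires requests_per_page sub-requests spacing_ms apart.
    Returns (served, denied)."""
    served = denied = 0
    for i in range(requests_per_page):
        for tab in range(tabs):  # tabs are near-simultaneous, 1 ms apart
            if limiter.request(ip, i * spacing_ms + tab):
                served += 1
            else:
                denied += 1
    return served, denied
```

Reloading a 10-request page in five tabs puts 50 requests inside the 200 ms window, so half of them are denied with the 25-request threshold, which is the 403 behaviour theDmi observed; users sharing one proxy address share one counter in both schemes.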