Netgate Discussion Forum

    How to protect a web server behind pfsense

    • Борис

      Too many connections like these are being opened on port 80

      tcp 0 0 192.168.1.22:56210 88.212.201.195:80 TIME_WAIT
      tcp 0 0 192.168.1.22:59370 88.212.201.195:80 TIME_WAIT
      tcp 0 0 192.168.1.22:58198 88.212.201.195:80 TIME_WAIT
      tcp 0 0 192.168.1.22:57882 88.212.201.195:80 TIME_WAIT
      tcp 0 0 192.168.1.22:48728 176.193.71.17:80 TIME_WAIT
      tcp 0 0 192.168.1.22:57174 88.212.201.195:80 TIME_WAIT
      tcp 0 0 192.168.1.22:50942 176.193.71.17:80 TIME_WAIT
      tcp 0 0 192.168.1.22:58624 88.212.201.195:80 TIME_WAIT
      tcp 0 0 :::80 :::* LISTEN
      tcp 0 0 ::ffff:192.168.1.22:80 ::ffff:178.154.171.56:59166 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:80 ::ffff:95.216.41.162:33504 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:80 ::ffff:141.8.142.88:49030 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:80 ::ffff:95.108.213.1:64711 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:80 ::ffff:95.108.181.74:41317 TIME_WAIT
      tcp 0 75950 ::ffff:192.168.1.22:80 ::ffff:178.154.200.7:39097 ESTABLISHED
      tcp 0 0 ::ffff:192.168.1.22:80 ::ffff:95.163.255.76:46645 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:80 ::ffff:95.108.181.74:53316 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:80 ::ffff:46.229.168.78:46908 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:80 ::ffff:95.163.255.74:36633 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:80 ::ffff:46.229.168.75:57382 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:80 ::ffff:95.108.181.74:42141 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:80 ::ffff:95.216.41.162:4212 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:80 ::ffff:37.9.113.187:58858 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:80 ::ffff:95.216.41.162:52322 TIME_WAIT
      tcp 0 48744 ::ffff:192.168.1.22:80 ::ffff:178.154.171.56:49606 LAST_ACK
      tcp 0 0 ::ffff:192.168.1.22:80 ::ffff:178.154.171.56:57355 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:80 ::ffff:141.8.142.88:43992 TIME_WAIT

      and on 443

      tcp 1 67104 ::ffff:192.168.1.22:443 ::ffff:37.9.113.155:63871 CLOSE_WAIT
      tcp 0 0 ::ffff:192.168.1.22:443 ::ffff:95.163.255.89:34351 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:443 ::ffff:95.181.2.165:3421 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:443 ::ffff:178.154.200.7:44430 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:443 ::ffff:92.127.126.135:59141 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:443 ::ffff:95.108.181.74:40882 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:443 ::ffff:95.163.255.82:39785 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:443 ::ffff:46.191.156.118:63185 FIN_WAIT2
      tcp 0 0 ::ffff:192.168.1.22:443 ::ffff:213.87.139.82:36547 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:443 ::ffff:217.169.82.232:9942 TIME_WAIT
      tcp 0 68381 ::ffff:192.168.1.22:443 ::ffff:178.154.171.56:49122 LAST_ACK
      tcp 0 0 ::ffff:192.168.1.22:443 ::ffff:195.211.23.213:50114 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:443 ::ffff:109.194.197.25:60926 FIN_WAIT2
      tcp 0 0 ::ffff:192.168.1.22:443 ::ffff:95.163.255.89:35674 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:443 ::ffff:5.45.207.60:35711 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:443 ::ffff:213.151.5.219:1618 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:443 ::ffff:80.242.50.237:62009 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:443 ::ffff:95.163.255.84:59589 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:443 ::ffff:185.59.57.27:39078 FIN_WAIT2
      tcp 0 0 ::ffff:192.168.1.22:443 ::ffff:37.9.113.60:50591 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:443 ::ffff:193.106.185.13:29200 ESTABLISHED
      tcp 0 0 ::ffff:192.168.1.22:443 ::ffff:217.118.181.13:57163 ESTABLISHED
      tcp 0 0 ::ffff:192.168.1.22:443 ::ffff:37.9.113.155:63450 TIME_WAIT
      tcp 1 67104 ::ffff:192.168.1.22:443 ::ffff:141.8.142.88:52122 CLOSE_WAIT
      tcp 0 0 ::ffff:192.168.1.22:443 ::ffff:188.162.54.75:41258 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:443 ::ffff:95.108.181.94:64743 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:443 ::ffff:188.162.86.19:13770 FIN_WAIT2
      tcp 0 0 ::ffff:192.168.1.22:443 ::ffff:46.146.150.13:35713 TIME_WAIT
      tcp 0 0 ::ffff:192.168.1.22:443 ::ffff:217.118.181.13:57736 TIME_WAIT

      • werter

        Good day.

        1. The firewall rule settings have an option that limits the number of connections per second.
        2. The settings of any web server also have directives that let you limit the number of connections per unit of time.
        • Борис

          Do you mean going into the rule that handles ports 80 and 443?

          • Борис @werter

            @werter for some reason I can't find that option there

            • Борис @werter

              @werter anyway, for some reason I don't have the option Maximum new connections per host (TCP only).

              • Борис

                @oleg1969 in the latest version of pfsense this option is missing, here is a screenshot https://tvoyadres.ru/1.jpg

                • Борис

                  Anyway, I figured it out; the appearance of these fields has changed a little there.

                  • werter @Борис

                    Good day.
                    @борис

                    For Nginx - https://www.dmosk.ru/miniinstruktions.php?mini=nginx-limits

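Added example (not part of the original posts): before choosing a per-host limit such as the "Maximum new connections per host (TCP only)" field named in this thread, it helps to tally netstat output like the first post's per remote address. The sample lines are constructed with documentation-range addresses, and the function names and the `max_open` threshold are assumptions; the listener line and connections the server itself opened outward are excluded from the tally.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the same netstat layout as the first post
# (documentation-range addresses, not taken from the thread).
SAMPLE = """\
tcp 0 0 192.168.1.22:56210 198.51.100.5:80 TIME_WAIT
tcp 0 0 :::80 :::* LISTEN
tcp 0 0 ::ffff:192.168.1.22:80 ::ffff:203.0.113.7:59166 TIME_WAIT
tcp 0 0 ::ffff:192.168.1.22:80 ::ffff:203.0.113.7:49606 LAST_ACK
tcp 0 75950 ::ffff:192.168.1.22:80 ::ffff:203.0.113.7:39097 ESTABLISHED
tcp 0 0 ::ffff:192.168.1.22:443 ::ffff:203.0.113.9:34351 TIME_WAIT
tcp 1 67104 ::ffff:192.168.1.22:443 ::ffff:203.0.113.9:63871 CLOSE_WAIT
tcp 0 0 ::ffff:192.168.1.22:443 ::ffff:192.0.2.44:57163 ESTABLISHED
"""

SERVICE_PORTS = {80, 443}  # assumption: ports the web server listens on
# Optional IPv4-mapped prefix, then address, then numeric port or '*'.
ENDPOINT = re.compile(r"^(?:::ffff:)?(.*):(\d+|\*)$")


def split_endpoint(text):
    """Return (address, port) for 'addr:port'; port is None for '*'."""
    addr, port = ENDPOINT.match(text).groups()
    return addr, None if port == "*" else int(port)


def tally_inbound(netstat_text):
    """Count connections per remote address and TCP state, inbound only."""
    per_host = defaultdict(Counter)
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[0].startswith("tcp"):
            continue  # header lines, UDP, malformed rows
        local, remote, state = fields[3], fields[4], fields[5]
        _, local_port = split_endpoint(local)
        remote_addr, _ = split_endpoint(remote)
        # Skip the listener and connections the server opened outward.
        if state == "LISTEN" or local_port not in SERVICE_PORTS:
            continue
        per_host[remote_addr][state] += 1
    return per_host


def over_limit(per_host, max_open):
    """Hosts whose non-TIME_WAIT connection count exceeds max_open."""
    live = {h: sum(n for s, n in c.items() if s != "TIME_WAIT")
            for h, c in per_host.items()}
    return sorted(h for h, n in live.items() if n > max_open)
```

TIME_WAIT rows are connections that have already closed and are only waiting out a kernel timer, so `over_limit` leaves them out when comparing a host against the threshold.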