iptables: limiting bytes downloaded per IP per day?
Posted by Miles on Server Fault
Published on 2012-06-27T14:16:42Z
Indexed on 2012/06/27 15:18 UTC
iptables | bandwidth-control
On a public-facing web server, I'd like to limit the total bytes downloaded per IP address per day. For example, after a visitor downloaded 100MB, any additional requests would be dropped or rejected for the next 24 hours.
Is it possible to accomplish this using iptables alone? The connbytes, connlimit, hashlimit, quota, and recent options all look promising, but the man page plays its cards close to the vest (e.g., "quota - Implements network quotas by decrementing a byte counter with each packet. --quota bytes The quota in bytes.").
Would like to avoid using a proxy (like Squid) if possible.
© Server Fault or respective owner