iptables: limiting bytes downloaded per IP per day?

Posted by Miles on Server Fault See other posts from Server Fault or by Miles
Published on 2012-06-27T14:16:42Z Indexed on 2012/06/27 15:18 UTC
Read the original article Hit count: 289

Filed under:
|

On a public-facing web server, I'd like to limit the total bytes downloaded per IP address per day. For example, after a visitor downloaded 100MB, any additional requests would be dropped or rejected for the next 24 hours.

Is it possible to accomplish this using iptables alone? The connbytes, connlimit, hashlimit, quota, and recent options all look promising, but the man page plays its cards close to the vest (e.g., "quota - Implements network quotas by decrementing a byte counter with each packet. --quota bytes The quota in bytes.").

Would like to avoid using a proxy (like Squid) if possible.

© Server Fault or respective owner

Related posts about iptables

Related posts about bandwidth-control