I have a gateway that directs all internal web traffic to my website. The site makes extensive use of DB calls. When someone with a virus that connects to port 80 plugs in behind the gateway, the DB goes to 100% CPU usage. I am trying to limit this and to filter out virus traffic from browser/user traffic.

I was thinking I could use kinda the same rule as I have for preventing ping attacks, but it doesn't seem to work. I have tried using "iptables -t nat -I PREROUTING 1 -p tcp -m tcp --dport 80 -m limit --limit 5/s --limit-burst 10 -j redirection_chain". It seems that all traffic, no matter how great, still goes to my webserver.

Also, is there a way to drop packets over a certain amount per time from one user?

Benjamin