On 29.11.2011 20:44, Filip Rembiałkowski wrote:
> no easy, "standard" way of doing this in postgres. before we go into workarounds - what's the underlying OS?
Okay, that's too bad that there's no standard way for this. The underlying OS is Linux (Gentoo, to be exact), and I'd already thought about setting up some form of iptables firewalling, but there's no real framework for this (i.e., "count" the number of connected TCP-sockets that originate from a single client) in iptables, only for connection throttling from the same source (which won't cut it, as there are "spikes" in connection setup where many connections are created almost at once, meaning that hashlimit or recent and the like are simply not suited to the task at hand. I just need/want to give a "hard" upper limit on the number of simultaneous connections from a single client as an Anti-DoS-measure - the clients aren't hostile, but their programming is broken...).
Is there (meaning do you know of) any form of generic TCP socket proxy that can achieve this? I've looked through portage (the Gentoo package set) to find something applicable, but none of the socket proxy packages I found were able to connection-limit based on source IP out of the box, either...
Anyway, thanks for your feedback!

-- 
--- Heiko.

-- 
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
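As an added example that is not part of the original message: a TCP proxy written with Python's asyncio that enforces a hard cap on simultaneous connections per source IP in front of the PostgreSQL port, which is the behaviour asked about above. The class and function names, the backend address 127.0.0.1:5432 and the limit of 10 are assumptions chosen for illustration.

```python
import asyncio
from collections import Counter
# Assumed values below: backend 127.0.0.1:5432 and a limit of 10 per client IP.
class PerSourceLimiter:
    """Hard cap on simultaneously open connections per source IP."""
    def __init__(self, limit):
        self.limit = limit
        self.active = Counter()      # ip -> currently open connections

    def try_acquire(self, ip):
        if self.active[ip] >= self.limit:
            return False
        self.active[ip] += 1
        return True

    def release(self, ip):
        self.active[ip] -= 1
        if self.active[ip] <= 0:
            del self.active[ip]      # keep the table from growing forever

async def pipe(reader, writer):
    """Copy bytes one way until EOF or error, then close the far side."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    except ConnectionError:
        pass
    finally:
        writer.close()

async def handle(limiter, backend, c_reader, c_writer):
    ip = c_writer.get_extra_info("peername")[0]
    if not limiter.try_acquire(ip):
        c_writer.close()             # over the cap: refuse at once
        return
    try:
        b_reader, b_writer = await asyncio.open_connection(*backend)
        await asyncio.gather(pipe(c_reader, b_writer), pipe(b_reader, c_writer))
    except OSError:
        c_writer.close()             # backend unreachable
    finally:
        limiter.release(ip)          # slot is freed however the session ends

async def serve(listen_port, backend=("127.0.0.1", 5432), limit=10):
    limiter = PerSourceLimiter(limit)
    server = await asyncio.start_server(
        lambda r, w: handle(limiter, backend, r, w), "0.0.0.0", listen_port)
    async with server:
        await server.serve_forever()
```

With a proxy like this in the path, PostgreSQL sees the proxy's address as the client, so any `pg_hba.conf` rules keyed on client IP would match the proxy rather than the original source. Clients that share one NAT address also share one counter.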