Currently a single misbehaving client can create hundreds or thousands of connections to the server and consume file descriptor & memory resources or simply fill the maxclients setting for the Listener.
Should implement a configurable limit of connections per client IP address (default to 10 or something), refuse new ones over the limit. Also, another limit per a configured prefix length (20 per /24 or something for IPv4, per /48 for IPv6).
nginx source code should have an example of a very efficient implementation.
Currently a single misbehaving client can create hundreds or thousands of connections to the server and consume file descriptor & memory resources or simply fill the maxclients setting for the Listener.
Should implement a configurable limit of connections per client IP address (default to 10 or something), refuse new ones over the limit. Also, another limit per a configured prefix length (20 per /24 or something for IPv4, per /48 for IPv6).
nginx source code should have an example of a very efficient implementation.