Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | Next revision Both sides next revision | ||
|
litespeed_wiki:config:mitigating-ddos-attacks [2019/01/10 15:53] Jackson Zhang [Trusted IPs] |
litespeed_wiki:config:mitigating-ddos-attacks [2019/02/27 17:12] Jackson Zhang [Troubleshooting] |
||
|---|---|---|---|
| Line 121: | Line 121: | ||
| ===== Troubleshooting ===== | ===== Troubleshooting ===== | ||
| + | ==== Check concurrent connections ==== | ||
| + | To check how many concurrent TCP connections, you can run: | ||
| + | netstat -an | grep 80 | grep ESTA | wc | ||
| + | |||
| + | If you want to check concurrent connections sorted by IP, you can run the following: | ||
| + | netstat -ntu | grep ESTABLISHED | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | ||
| + | | ||
| + | Please keep in mind that ''netstat -ntu'' will list TCP in TIME_WAIT state, which will inflate the number. For correct concurrent TCP connections counting method, you should only count TCPs in ''ESTABLISHED'' state. Hence ''grep ESTA'' or ''grep ESTABLISHED'' will be required. | ||
| ==== Check the Banned IP and Reason ==== | ==== Check the Banned IP and Reason ==== | ||
| If an IP has been banned, but you don't know why, you can check it with SSH. Here is an example of a connection that was banned because it reached the hard limit. | If an IP has been banned, but you don't know why, you can check it with SSH. Here is an example of a connection that was banned because it reached the hard limit. | ||