Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

Block IP vs Drop Connection
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Block IP vs Drop Connection

MerakithMerakith Barred
in General

Hi,

What would you advise? Blocking an IP address might block genuine traffic if the IP is dynamic, and only dropping the connection will allow the attacker to continue attacking the server. What approach do you recommend and follow for your servers?

Comments

  • alt_alt_ Member

    Try to limit the concurrent connection maybe.
    For example using ufw: https://github.com/365cent/ufw-ruleset

  • MerakithMerakith Barred
    edited June 2023

    Thanks for your reply. Sounds good. I'll give it a try.

    My current setup is as follow. I am using UFW to block all incoming connections except port 443 over udp/tcp.

    I use Coraza WAF with Caddy to drop connections which matches my rules and let the other traffic flow through. https://github.com/corazawaf/coraza-caddy

    No IP is being blocked. Have DDoS protection on DNS level and at server level from the web hosts. Open to suggestions for improvement.

Sign In or Register to comment.