Projekte an denen Holger Kohn beteiligt war:
- Todolist ( http://fossies.org/linux/privat/Todolist.php-0.9.15.4.tar.gz:a/Todolist.php-0.9.15.4/doc/WHATSNEW )
...
54 55 New things in ToDoList.php 0.9.14.1 56 =================================== 57 - BUGFIX: The add-form doesn't loose entries when the project is changed. 58 - TUNING: Todolist is much faster when used with a large number of projects. 59 Many thanks to Holger Kohn for the patch! 60
...
- cacti ( http://oss.oetiker.ch/rrdtool/gallery/index.en.html )
This graph shows the traffic of a networkinterface(dark-green). In red is displayed the optimal sinus-curve thru the points of one week. Light-green is the "can-be-range" of the traffic that was not alarmed. Yellow is the "warning-range" of the curve and every other points cause an CRITICAL-Warning in our minitoring. So we bring the statistics-calculations into the monitoring. That will show us abnormaly using of different curves and alarm it. -- Holger Kohn <Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein!>, 2008/1 [demo]
- F5 iRule ( https://devcentral.f5.com/wiki/irules.limitconnectionsfromclient.ashx )
LIMIT CONNECTIONS FROM CLIENT
Description¶
Limit the number of TCP connections to a virtual server from client IP addresses.This iRule illustrates how to use an internal array to track the number of concurrent connections to a virtual server based on the source IP address, and reject any connection attempts above a configurable limit.
The example adds logging for rejected connections including client IP address and connection counts, and supports a whitelist of IP addresses to exclude from the limit check.
Care should be taken when using this iRule, as clients may access the virtual server through a reverse proxy which performs address translation. In such a case, there might be legitimate reasons for a large number of TCP connections from a single source IP address.
iRule Source¶
01 |
when RULE_INIT { |
02 |
03 |
# The maximum number of TCP connections to the virtual server from a single client IP address |
04 |
set ::max_connections_per_ip 10 |
05 |
06 |
# Clear the array of clients with open connections to the VIP |
07 |
array set ::active_clients { } |
08 |
09 |
# Replace this array with a datagroup of type 'address' once done testing! |
10 |
array set white_client { |
11 |
10.41.0.610 |
12 |
10.0.0.2 |
13 |
} |
14 |
} |
15 |
16 |
when CLIENT_ACCEPTED { |
17 |
18 |
log local0. "\$:<!--:active_clients: [array get ::active_clients] (size: [array size ::active_clients])" --> |
19 |
20 |
# Check if the client is already in the active clients array |
21 |
if { ([ info exists ::active_clients([ IP::client_addr ])]) } { |
22 |
23 |
# Regardless of whether we reject this client, we've already accepted the TCP connection. |
24 |
# so increment the counter for this client. The count will be decremented when the connection is closed. |
25 |
incr ::active_clients([ IP::client_addr ]) |
26 |
log local0. "Incremented \$::active_clients([IP::client_addr]) to: $::active_clients([IP::client_addr])" |
27 |
28 |
# Check if client is already over the maximum |
29 |
if {$::active_clients([ IP::client_addr ]) > $::max_connections_per_ip} { |
30 |
31 |
# Send TCP reset to client |
32 |
reject |
33 |
34 |
log local0. "Rejected IP [IP::client_addr], count ($::active_clients([IP::client_addr]))" |
35 |
36 |
} |
37 |
# Don't need an else clause here. The default action will be to allow the connection to continue. |
38 |
39 |
} elseif { ![ info exists ::white_client([ IP::client_addr ])] }{ |
40 |
41 |
# Client wasn't already in the array and isn't in the white list, so add them to the array with a count of 1. |
42 |
set ::active_clients([ IP::client_addr ]) 1 |
43 |
log local0. "Initialised \$::active_clients([IP::client_addr]) to: 1" |
44 |
} |
45 |
} |
46 |
when CLIENT_CLOSED { |
47 |
48 |
# Check if the client has a count in the array |
49 |
if { [ info exists ::active_clients([ IP::client_addr ])]} { |
50 |
51 |
# Decrement the count by 1 |
52 |
incr ::active_clients([ IP::client_addr ]) -1 |
53 |
54 |
# Check if the count is 0 or negative |
55 |
if { $::active_clients([ IP::client_addr ]) <= 0 } { |
56 |
57 |
# Clear the array element |
58 |
unset ::active_clients([ IP::client_addr ]) |
59 |
} |
60 |
} |
61 |
} |