40.14. Limiting Concurrent Logins

If your system is configured to allow anonymous FTP logins and you expect to receive a lot of traffic, it makes sense to limit the number of connections that can be open to the FTP server at any one time. This puts a ceiling on the network and CPU load that FTP transfers can generate, which is important if the system is being used for some other purpose (such as running a web server).

This limit can be set globally, on a per-virtual server basis, or just for anonymous clients. This means that you can set a limit that applies to all servers, and then increase or decrease it for a particular virtual host. You can also set a lower limit for anonymous clients versus those that have valid logins.

ProFTPD can also be configured to limit the number of concurrent connections that a single client host can have. This is useful if you want to stop people from downloading more than one file at a time from your server, and thus taking more than their fair share of bandwidth.

To set a connection limit for your server, follow these steps:

1.
If you want to set a global limit, click on the Networking Options icon on the module's main page.

To set a limit for a single virtual server, click on its icon and then on Networking Options.

To define a limit that applies only to anonymous clients, click on the icon for a virtual server, then click on Anonymous FTP, and finally click the Networking Options icon on the anonymous FTP options page.

2.
On the form that appears, find the Maximum concurrent logins field. To set a limit, select the third radio button and enter a number in the text box next to it. Alternately, you can select Unlimited to turn off any restriction that applies to this virtual server that has been set globally.

3.
To define an error message sent to clients that try to connect when the limit has been reached, enter it into the Login error message box in the Maximum concurrent logins field. If the message contains the special code %m, it will be replaced with the maximum allowed number.

4.
To set the per-client host limit, fill in the Maximum concurrent logins per host field in the same way. It also has a Login error message box that can be used to set a message that is sent to FTP clients that exceed the limit.

5.
If you are editing the global networking options, you can also set a limit on the total number of ProFTPD subprocesses that can be active at any one time. This is useful for protecting your system from denial-of-service using hundreds of useless connections. Just select the second option for the Maximum concurrent sessions field and enter a number into its adjacent text box. If Default is selected, no limit will be enforced.

If you are running the server from a super server like inetd or xinetd, this limit will have no effect. Fortunately, both those servers have configuration options that can be used to achieve the same result.

6.
When you are done editing client restrictions, click the Save button at the bottom of the form to update the ProFTPD configuration, and then the Apply Changes button back on the main page.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.22.51.241