id summary reporter owner description type status priority milestone component resolution keywords cc 712 Connection limit срабатывает неожиданно для пользователя san alx "Я провёл такой эксперимент: Примерно в течении минуты я не торопясь обновлял страничку с блоком, обновил страничку примерно 10 раз. После 10-го обновления страничка не прогрузилась полностью. По логу я вижу что начал срабатывать ""Connection limit"". На мой взгляд такое срабатывание защиты неинтуитивно для пользователя, не так уж много он действий совершил и действия не были криминальными, чтобы ожидать что его забанят. В аппаратуре других производителей я не наблюдал подобного - обновлять страничку никто не запрещает. Предлагаю сделать поведение более интуитивным - при неторопливом обновлении странички пользователь не должен быть забанен. r2417 Браузер Google Chrome Версия 129.0.6668.90 Вот лог из платы за время моего эксперимента: {{{ Oct 9 10:05:17 sw01 daemon.info swd[254]: user admin from [::ffff:192.168.0.5] authenticated Oct 9 10:06:20 sw01 daemon.err swd[254]: Server reached connection limit. Closing inbound connection. Oct 9 10:06:27 sw01 daemon.err swd[254]: Server reached connection limit. Closing inbound connection. Oct 9 10:06:27 sw01 daemon.err swd[254]: Server reached connection limit. Closing inbound connection. Oct 9 10:06:41 sw01 daemon.err swd[254]: Server reached connection limit. Closing inbound connection. Oct 9 10:06:41 sw01 daemon.err swd[254]: Server reached connection limit. Closing inbound connection. Oct 9 10:06:45 sw01 daemon.err swd[254]: Server reached connection limit. Closing inbound connection. Oct 9 10:06:45 sw01 daemon.err swd[254]: Server reached connection limit. Closing inbound connection. Oct 9 10:06:50 sw01 daemon.err swd[254]: Server reached connection limit. Closing inbound connection. Oct 9 10:06:50 sw01 daemon.err swd[254]: Server reached connection limit. Closing inbound connection. Oct 9 10:06:50 sw01 daemon.err swd[254]: Server reached connection limit. Closing inbound connection. Oct 9 10:06:54 sw01 daemon.err swd[254]: Server reached connection limit. Closing inbound connection. Oct 9 10:06:54 sw01 daemon.err swd[254]: Server reached connection limit. Closing inbound connection. Oct 9 10:06:55 sw01 daemon.err swd[254]: Server reached connection limit. Closing inbound connection. Oct 9 10:06:58 sw01 daemon.err swd[254]: Server reached connection limit. Closing inbound connection. Oct 9 10:07:00 sw01 daemon.err swd[254]: Server reached connection limit. Closing inbound connection. Oct 9 10:07:00 sw01 daemon.err swd[254]: Server reached connection limit. Closing inbound connection. Oct 9 10:07:00 sw01 daemon.err swd[254]: Server reached connection limit. Closing inbound connection. Oct 9 10:07:00 sw01 daemon.err swd[254]: Server reached connection limit. Closing inbound connection. Oct 9 10:07:08 sw01 daemon.err swd[254]: Server reached connection limit. Closing inbound connection. Oct 9 10:07:08 sw01 daemon.err swd[254]: Server reached connection limit. Closing inbound connection. Oct 9 10:07:08 sw01 daemon.err swd[254]: Server reached connection limit. Closing inbound connection. Oct 9 10:07:08 sw01 daemon.err swd[254]: Server reached connection limit. Closing inbound connection. Oct 9 10:07:08 sw01 daemon.err swd[254]: Server reached connection limit. Closing inbound connection. Oct 9 10:07:13 sw01 daemon.err swd[254]: Server reached connection limit. Closing inbound connection. Oct 9 10:07:13 sw01 daemon.err swd[254]: Server reached connection limit. Closing inbound connection. Oct 9 10:07:13 sw01 daemon.err swd[254]: Server reached connection limit. Closing inbound connection. Oct 9 10:07:14 sw01 daemon.err swd[254]: Server reached connection limit. Closing inbound connection. Oct 9 10:07:18 sw01 daemon.err swd[254]: Connection was closed while sending response body. Oct 9 10:07:28 sw01 daemon.err swd[254]: Connection was closed while sending response body. Oct 9 10:07:33 sw01 daemon.err swd[254]: Connection was closed while sending response body. Oct 9 10:07:38 sw01 daemon.err swd[254]: Connection was closed while sending response body. Oct 9 10:07:46 sw01 daemon.err swd[254]: Connection was closed while sending response body. Oct 9 10:07:53 sw01 daemon.err swd[254]: Connection was closed while sending response body. Oct 9 10:08:01 sw01 daemon.err swd[254]: Connection was closed while sending response body. Oct 9 10:08:08 sw01 daemon.err swd[254]: Connection was closed while sending response body. Oct 9 10:08:14 sw01 daemon.err swd[254]: Connection was closed while sending response body. Oct 9 10:08:20 sw01 daemon.err swd[254]: Connection was closed while sending response body. Oct 9 10:08:41 sw01 daemon.err swd[254]: Connection was closed while sending response body. Oct 9 10:08:58 sw01 daemon.err swd[254]: Connection was closed while sending response body. }}} Список соединений до моего подключения {{{ root@sw01:~# netstat Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 144 192.168.1.104:ssh 192.168.0.83:62618 ESTABLISHED Active UNIX domain sockets (w/o servers) Proto RefCnt Flags Type State I-Node Path unix 4 [ ] DGRAM 684 /dev/log unix 2 [ ] DGRAM 690 unix 2 [ ] DGRAM 691 }}} Список соединений после моего подключения но до авторизации {{{ root@sw01:~# netstat Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 144 192.168.1.104:ssh 192.168.0.83:62618 ESTABLISHED tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52399 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52428 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52407 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52419 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52396 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52383 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52374 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52410 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52473 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52390 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52408 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52404 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52414 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52384 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52431 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52406 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52400 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52420 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52402 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52424 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52369 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52433 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52401 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52368 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52380 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52409 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52417 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52394 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52381 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52412 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52391 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52382 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52397 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52418 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52439 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52434 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52413 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52403 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52425 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52422 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52411 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52435 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52389 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52370 TIME_WAIT Active UNIX domain sockets (w/o servers) Proto RefCnt Flags Type State I-Node Path unix 4 [ ] DGRAM 684 /dev/log unix 2 [ ] DGRAM 690 unix 2 [ ] DGRAM 691 }}} Список соединений после авторизации {{{ root@sw01:~# netstat Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 144 192.168.1.104:ssh 192.168.0.83:62618 ESTABLISHED tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52512 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52509 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52473 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52506 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52505 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52507 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52510 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52501 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52513 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52517 ESTABLISHED tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52514 ESTABLISHED tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52502 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52515 ESTABLISHED tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52504 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52503 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52516 ESTABLISHED tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52511 ESTABLISHED Active UNIX domain sockets (w/o servers) Proto RefCnt Flags Type State I-Node Path unix 4 [ ] DGRAM 684 /dev/log unix 2 [ ] DGRAM 690 unix 2 [ ] DGRAM 691 }}} Список соединений после примерно 10 обновлений странички в течении примерно минуты: {{{ root@sw01:~# netstat Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 144 192.168.1.104:ssh 192.168.0.83:62618 ESTABLISHED tcp 1 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52545 CLOSE_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52571 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52600 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52622 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52621 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52623 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52578 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52583 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52569 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52610 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52597 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52639 TIME_WAIT tcp 1 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52585 CLOSE_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52628 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52580 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52654 ESTABLISHED tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52555 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52542 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52582 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52648 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52593 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52579 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52592 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52549 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52642 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52546 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52643 TIME_WAIT tcp 1 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52602 CLOSE_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52551 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52651 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52649 TIME_WAIT tcp 1 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52573 CLOSE_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52564 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52657 ESTABLISHED tcp 1 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52644 CLOSE_WAIT tcp 1 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52616 CLOSE_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52563 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52544 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52557 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52588 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52656 ESTABLISHED tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52565 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52587 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52568 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52625 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52641 TIME_WAIT tcp 1 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52559 CLOSE_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52606 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52570 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52640 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52581 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52655 ESTABLISHED tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52553 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52601 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52629 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52609 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52627 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52634 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52626 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52635 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52613 TIME_WAIT tcp 1 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52630 CLOSE_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52566 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52636 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52596 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52653 TIME_WAIT tcp 0 0 ::ffff:192.168.1.104:www ::ffff:192.168.0.5:52598 TIME_WAIT Active UNIX domain sockets (w/o servers) Proto RefCnt Flags Type State I-Node Path unix 4 [ ] DGRAM 684 /dev/log unix 2 [ ] DGRAM 690 unix 2 [ ] DGRAM 691 }}}" улучшение closed средний 1 очередь web-интерфейс (sw) invalid