jitbit

Asked: 2014-09-06 09:47:20 +0800 CST2014-09-06 09:47:20 +0800 CST 2014-09-06 09:47:20 +0800 CST

Recommended values for DIPR configuration on a web-server

Microsoft has this great module for IIS server:

The Dynamic IP Restrictions (DIPR) module for IIS 7.0 and above provides protection against denial of service and brute force attacks on web servers and web sites. The module temporarily blocks IP addresses of HTTP clients that make an unusually high number of concurrent requests or that make a large number of requests over small period of time.

The default values are:

- Deny IP address for 5 concurrent requests
- Deny IP address for 20 requests in 200 milliseconds

enter image description here

I was wondering if anyone has any recommendations on these values? I'm not a server admin, I'm a developer without any security background...

PS. By the way, when a browser requests a web page, doesn't it make concurrent requests? For all the images/css/js fils on the page...

THANKS!

Recommended values for DIPR configuration on a web-server

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

Recommended values for DIPR configuration on a web-server

0 Answers