Project

General

Profile

Actions

Bug #2475

closed

Connection rate limiting does not work for Captive Portal

Added by George Spiliotis over 12 years ago. Updated over 11 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Captive Portal
Target version:
-
Start date:
06/07/2012
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.0.1
Affected Architecture:

Description

Using pfSense 2.0.1. Installation of pfSense as a CP at a big exhibition fair failed because the connection rate limiting function does not work. Just a few clients hammering the CP login page can consume all the available CPU time.

The "Maximum concurrent connections" option sets the "evasive.max-conns-per-ip" option in /var/etc/lighty-CaptivePortal.conf. This option is ignored by lighttpd since the module mod_evasive.so is missing from pfSense. Even if the lighttpd package is rebuild and that module is put in place, the /etc/inc/system.inc file needs to be modified to actually load the module in lighty-CaptivePortal.conf.

Last time I checked on 2.1 (6 June, 2012) the module was missing as well. I am also fond of doing the rate-limiting using ipfw (which is used by CP) to prevent lighttpd using a lot of CPU cycles for resetting connections.

Actions

Also available in: Atom PDF