Author Topic: MaxClientsPerHost ignored  (Read 115 times)

dordal
MaxClientsPerHost ignored
« on: August 09, 2017, 06:13:11 pm »
We have a problem with MaxClientsPerHost. MaxClientsPerHost and MaxClientsPerUser are both set to 40:

MaxClientsPerHost               40
MaxClientsPerUser               40


ProFTPD is not quite the latest, but close:

root@proton:~ # proftpd -v
ProFTPD Version 1.3.5


MaxClientsPerUser is working fine, but MaxClientsPerHost is being ignored. For example, we have 74 connections from the IP 65.200.133.4:

root@proton:~ # ps -ajx | grep proftpd | grep 65\.200\.133\.4 | wc -l
      74


I think the stats for who's connected are kept in the scoreboard file, right?

-rw-r--r--   1 root    wheel    386432 Aug  9 11:10 proftpd.scoreboard
-rw-r-----   1 root    wheel         0 Aug  9 06:20 proftpd.scoreboard.lck

The only thing odd I see is that there's a scoreboard lock file that hasn't been touched since proftpd restarted at 06:20, but I think that's normal? What else is there to check?


castaglia
Re: MaxClientsPerHost ignored
« Reply #1 on: August 10, 2017, 03:36:00 am »
Is your MaxClientsPerHost directive declared outside of any <Global> or <VirtualHost> sections?  Are these 74 connections to a <VirtualHost> section?

dordal
Re: MaxClientsPerHost ignored
« Reply #2 on: August 10, 2017, 09:55:05 pm »
MaxClientsPerHost and MaxClientsPerUser are declared inside <Global>, but outside any <VirtualHost> directive.

The 74 connections are to a virtual host, yes.

Does that give you any clues? The really odd thing is that MaxClientsPerUser works; it's just MaxClientsPerHost that doesn't.

castaglia
Re: MaxClientsPerHost ignored
« Reply #3 on: August 12, 2017, 09:29:57 pm »
The MaxClientsPerHost limit is enforced _when the client sends the PASS command_.  Is it possible that these connections, from the IP address, which exceed that MaxClientsPerHost limit, have not sent USER/PASS commands, but instead are just idling there, taking up connection slots?  What does `ftpwho -v` show for these connections?

Instead of MaxClientsPerHost, you might consider using MaxConnectionsPerHost; see:

  http://www.proftpd.org/docs/modules/mod_auth.html#MaxConnectionsPerHost
« Last Edit: August 12, 2017, 09:49:51 pm by castaglia »
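
One way to check what the reply above asks about, splitting each client address's proftpd sessions into logged-in and pre-login before comparing the total with the configured limit. This is an added example, not code from the thread or from ProFTPD. The process-title layouts it matches and the sample `ps` lines are constructed assumptions, so compare them with your own `ps` output first.

```python
import re
from collections import Counter

# Constructed sample of `ps` output; the process-title layout is an assumption.
SAMPLE_PS = """\
root   901     1 proftpd: (accepting connections)
ftp   1201   901 proftpd: connected: 203.0.113.7 (203.0.113.7:51514)
ftp   1202   901 proftpd: connected: 203.0.113.7 (203.0.113.7:51515)
ftp   1203   901 proftpd: 203.0.113.7:51516: USER alice
ftp   1204   901 proftpd: alice - 203.0.113.7: IDLE
ftp   1205   901 proftpd: bob - 198.51.100.9: RETR report.csv
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Assumed title of a logged-in session: "proftpd: <user> - <client>: <command>"
LOGGED_IN = re.compile(r"proftpd: (\S+) - (\S+): ")


def sessions_per_host(ps_text):
    """Return {ip: Counter} with 'total', 'logged_in' and 'pre_login' counts."""
    hosts = {}
    for line in ps_text.splitlines():
        _, sep, title = line.partition("proftpd: ")
        if not sep:
            continue  # not a proftpd process title (e.g. the grep itself)
        match = IPV4.search(title)
        if not match:
            continue  # the listening daemon has no client address
        counts = hosts.setdefault(match.group(0), Counter())
        counts["total"] += 1
        state = "logged_in" if LOGGED_IN.search(line) else "pre_login"
        counts[state] += 1
    return hosts


def over_limit(hosts, limit):
    """Addresses whose total session count exceeds the configured limit."""
    return sorted(ip for ip, c in hosts.items() if c["total"] > limit)


if __name__ == "__main__":
    report = sessions_per_host(SAMPLE_PS)
    for ip, c in sorted(report.items()):
        print(ip, "total:", c["total"], "logged in:", c["logged_in"],
              "pre-login:", c["pre_login"])
    print("over limit of 3:", over_limit(report, 3))
```

A host whose total is above the limit while its logged-in count is at or below it matches the situation the reply describes: connections that never sent USER/PASS.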

 
