Rate Limiting and DDoS Protection Rules

Distributed Denial of Service (DDoS) attacks remain a significant threat to web servers. Firewall rules implementing rate limiting and connection throttling provide the first line of defense against these attacks. Effective DDoS protection requires multiple layers of rules addressing different attack vectors.

SYN flood protection limits half-open connections:

Limit TCP SYN from any to web_server_ip port 443 rate 100/second burst 300
Drop TCP SYN from any to web_server_ip port 443 if syn_count > 300

Connection limiting prevents resource exhaustion:

Limit concurrent_connections from source_ip to web_server_ip max 100
Limit new_connections from source_ip to web_server_ip rate 10/second

HTTP request rate limiting requires application-layer awareness:

Limit HTTP_requests from source_ip to web_server_ip rate 100/minute
If HTTP_request_size > 10MB then drop
If HTTP_header_count > 100 then drop
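The three rule groups above (SYN rate limiting with a burst allowance, per-source connection caps, and application-layer HTTP limits) all reduce to the same two mechanisms: a token bucket for "rate N/second burst M" and a per-source counter for concurrent state. The following is an added example written for this page, not code from the original text or from any firewall product. It models those rules in user space and runs them over constructed traffic so the effect of each threshold can be seen; the class and function names, the bucket sizes chosen for the new-connection limit, and the IP addresses are assumptions made for illustration.

```python
"""Added example: a user-space model of the rate-limiting rules discussed above.

Hypothetical names (TokenBucket, ConnectionLimiter, simulate_*) and all event
data are constructed for illustration; this is not a firewall's own code.
"""
from collections import Counter, defaultdict


class TokenBucket:
    """Classic token bucket: 'rate N/second burst M' as a firewall would enforce it."""

    def __init__(self, rate: float, burst: int):
        self.rate = rate            # tokens replenished per second
        self.burst = burst          # maximum tokens held (the allowed burst)
        self.tokens = float(burst)  # start full so an initial burst passes
        self.last = 0.0

    def allow(self, now: float) -> bool:
        # Refill proportionally to elapsed time, never beyond the burst size.
        elapsed = max(0.0, now - self.last)
        self.tokens = min(float(self.burst), self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class ConnectionLimiter:
    """Per-source caps: max concurrent connections and a new-connection rate."""

    def __init__(self, max_concurrent: int = 100, new_rate: float = 10.0):
        self.max_concurrent = max_concurrent
        self.new_rate = new_rate
        self.open = defaultdict(int)  # source -> currently open connections
        self.buckets = {}             # source -> TokenBucket for new connections

    def connect(self, src: str, now: float) -> str:
        if self.open[src] >= self.max_concurrent:
            return "drop:concurrent"
        # Assumption: burst for new connections equals one second's worth of rate.
        bucket = self.buckets.setdefault(src, TokenBucket(self.new_rate, int(self.new_rate)))
        if not bucket.allow(now):
            return "drop:new_rate"
        self.open[src] += 1
        return "accept"

    def close(self, src: str) -> None:
        if self.open[src] > 0:
            self.open[src] -= 1


MAX_REQUEST_SIZE = 10 * 1024 * 1024   # "HTTP_request_size > 10MB then drop"
MAX_HEADER_COUNT = 100                # "HTTP_header_count > 100 then drop"


def http_decision(src: str, size: int, header_count: int, now: float, buckets: dict) -> str:
    """Cheap application-layer checks first, then the per-source 100/minute bucket."""
    if size > MAX_REQUEST_SIZE:
        return "drop:size"
    if header_count > MAX_HEADER_COUNT:
        return "drop:headers"
    bucket = buckets.setdefault(src, TokenBucket(100 / 60, 100))
    return "accept" if bucket.allow(now) else "drop:rate"


def simulate_syn_flood(count: int = 500, spacing: float = 0.0) -> Counter:
    """Constructed SYN arrivals against 'rate 100/second burst 300'."""
    bucket = TokenBucket(rate=100, burst=300)
    return Counter("accept" if bucket.allow(i * spacing) else "drop" for i in range(count))


def simulate_connections() -> Counter:
    """Constructed client opening 120 connections at exactly 10/second, never closing any."""
    limiter = ConnectionLimiter(max_concurrent=100, new_rate=10.0)
    return Counter(limiter.connect("198.51.100.7", i * 0.1) for i in range(120))


def simulate_http() -> Counter:
    """Constructed HTTP traffic: 102 normal requests in one instant plus two malformed ones."""
    buckets = {}
    src = "203.0.113.9"
    events = [(1024, 12)] * 102 + [(11 * 1024 * 1024, 12), (1024, 250)]
    return Counter(http_decision(src, size, hdrs, 0.0, buckets) for size, hdrs in events)


if __name__ == "__main__":
    print("SYN burst at once:", simulate_syn_flood())
    print("SYN at 100/s:     ", simulate_syn_flood(spacing=0.01))
    print("connections:      ", simulate_connections())
    print("http:             ", simulate_http())
```

Two points the simulation makes visible: a burst of 500 SYNs arriving at once passes exactly 300 and drops the rest, while the same 500 spread at the sustained 100/second rate all pass, which is what "rate ... burst" means in practice; and in the HTTP path the size and header-count checks run before the bucket is charged, so malformed requests never consume a legitimate client's quota. A real firewall keeps this per-source state in its connection tracker rather than in Python dictionaries, but the accounting is the same.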