cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
831
Views
0
Helpful
1
Replies

Rate-limit per source IP in ACE

Reuven Elkabetz
Level 1
Level 1

Hello All,

I have a question regarding ACE A2(3.4) features. Is it possible to set a rate-limit connections per sec from any source IP. For example, if a client is trying to GET a web page 10 time per sec I will send a reset or drop that connection.

Thanks,

Reuven

1 Reply 1

Daniel Arrondo Ostiz
Cisco Employee
Cisco Employee

Hi Reuven,

I'm afraid this is not possible. With the ACE, you can only limit the connection rate on a server, but without taking the client Ip into account. The purpose of this feature is to avoid overloading a server, not preventing attacks.

You should check with your account team for alternatives. I'm not an expert on it, but I believe you should be able to achieve what you need with an IDS module.

Regards

Daniel

Review Cisco Networking for a $25 gift card