10.5 Using Oracle Connection Manager to Prevent Denial-of-Service Attacks
You can enforce a limit on the number of client connections that Oracle Connection Manager (CMAN) can handle from an IP address in a specific time interval.
To enforce IP rate limit, set the IP_RATE_COUNT
parameter in the cman.ora
configuration file. This parameter specifies the number of connections that are allowed from a single IP address. The specified IP rate limit is enforced at the CMAN endpoint level.
cman.ora
file:
-
IP_RATE_INTERVAL
: Specifies the time interval, in seconds, for whichIP_RATE_COUNT
connections are accepted from the IP address. -
IP_RATE_BLOCK
: Specifies the duration, in minutes, for which the IP address is blocked after exceeding the specified IP rate limit.
IP_RATE_COUNT
per IP_RATE_INTERVAL
limit, then CMAN rejects the IP address and blocks it for IP_RATE_BLOCK
minutes. CMAN records an IP rate limit enforced for ip address
error message in the Oracle Connection Manager log file.
Related Topics
Parent topic: Configuring and Administering Oracle Connection Manager