How to count number of connections needed for webpage to load?

Discussion in 'Apache' started by postcd, Apr 12, 2016.

  1. #1
    Hello,

    I have a webserver with a higher number of websites and I seek advice on how to discover how many HTTP / port 80 connections will be established from client to the webserver to load one average webpage.

    My firewall CSF needs to know it

    1) CONNLIMIT (concurrent connections limit)

    I assume it will be under 100 connections per one IP per 80 port... But I don't need to know which number I should enter, but rather how to count the right number myself based on the websites I host. I use Firefox browser which has a Dev tool with a Network tab showing elements loaded. It shows 10 requests and 9 out of them are GET when loading google.com. Does it mean a google page load eats 10 HTTP connections?

    2) PORTFLOOD (connections limit per the interval)

    I assume for the 60 seconds interval, a human will browse at a maximum speed of 1 page load per 5 seconds. So it is 12 page loads. But how many connections does one load take? How to count it exactly for a particular webpage?

    Thank You
     
    Last edited: Apr 12, 2016
    postcd, Apr 12, 2016 IP
  2. fisasti

    #2
    I would check that in two different ways.

    1. You open Chrome/Firefox/Safari/whatever browser you use, open the Network tab and load your site. You can manually see how many HTTP requests are being done for one particular page load. I have to tell you this will change for each webpage (each webpage has different images I assume, so that's a different amount of HTTP requests).

    2. You can do the same manual thing by checking your access_log. If you want to run a large analysis, you might wanna use any access_log analysis tool (don't have much experience on this, I would google it).

    Be careful with the penalties you put to the clients that go over the one-minute connections limit. Maybe your site's behaviour is not 100% perfect, a user finds himself in a loop-request situation and that makes the firewall trigger the defense.

    Hope it helps!
     
    fisasti, Apr 12, 2016 IP
    postcd likes this.
  3. PoPSiCLe

    #3
    Also, depending on what is being served, a limit on 12 page loads seems arbitrary, and very low. I, for one, can open more than that just by visiting this forum - I go into the forums I follow, I open all the unread items since last time I visited, and that might be 30-40 or more pages loaded within 10 seconds.
     
    PoPSiCLe, Apr 13, 2016 IP
  4. postcd

    #4
    Regarding PORTFLOOD, this option limits the number of new connections per time interval that can be made to specific ports. When I allow a maximum of 40 connections per 5 seconds:
    80;tcp;40;5

    I do NOT experience a single CSF block in lfd.log related to portflood in the last X days.

    Yes, when I open the Network monitor (tab) in Firefox and reload the biggest webpage I host and am aware of (regarding number of elements), I get 112 requests, 4.9Mb and around 10 seconds load.

    And I'm not blocked or ignored (no log entry) despite my PORTFLOOD setting:
    cat /var/log/lfd.log|grep "Apr 30 11:"

    Regarding CONNLIMIT (concurrent connections limit), I have it set to 90 concurrent connections to port 80:
    80;90

    How would you explain that the firewall is not triggered when opening a page with 112 requests? Is it because it's not concurrent, I assume?

    In my Firefox I see I have the variable "network.http.max-connections" and it is set as default, 256, which seems surprisingly high. But I'm using a SOCKSv5 proxy, so there probably applies "network.http.max-persistent-connections-per-proxy" which is 32. "network.http.max-persistent-connections-per-server" is 6.

    I have persistent/keep-alive enabled on my webserver and 6s. keep-alive timeout, max 100 keep-alive requests.

    LFD usually says when some IP is ignored (IP whitelisted or such) or when it's blocked, but it was NOT.
    So my question in my initial post remains, "How to count it exactly for particular webpage?" for PORTFLOOD and CONNLIMIT while my hopefully biggest webpage eats 112 requests?

    -----------
    By analysing the access_log file I found 104 connections made by me and also here is the timing of that: http://pastebin.com/ycn3m1si
    So I see it was like max. 18 connections per second, not sure if these are treated as "concurrent"
     
    Last edited: Apr 30, 2016
    postcd, Apr 30, 2016 IP
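
Added example (not part of the thread): access_log records requests, not connections, and with keep-alive many requests share one TCP connection, so the request count overstates what PORTFLOOD sees. The sketch below assumes a custom Apache LogFormat with `%k` appended (`%h %l %u %t "%r" %>s %b %k`), where `%k` = 0 marks the first request on a new connection; the client address and log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed LogFormat (not from the thread): %h %l %u %t "%r" %>s %b %k
# %k = keep-alive requests already handled on this connection, so a value
# of 0 marks the first request of a new TCP connection.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+ (\d+)$')

def peak_new_connections(lines, interval):
    """Per client IP: (total requests, new connections, peak number of
    new connections inside any `interval`-second window)."""
    requests, opened = defaultdict(int), defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        ip, stamp, k = m.group(1), m.group(2), int(m.group(3))
        requests[ip] += 1
        if k == 0:
            ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
            opened[ip].append(ts.timestamp())
    result = {}
    for ip, total in requests.items():
        window, peak = deque(), 0
        for t in sorted(opened[ip]):
            window.append(t)
            while t - window[0] >= interval:  # drop opens outside the window
                window.popleft()
            peak = max(peak, len(window))
        result[ip] = (total, len(opened[ip]), peak)
    return result

def constructed_sample():
    """Constructed data: one client opens 6 connections over 2 seconds
    and reuses each for 19 requests (114 requests in total)."""
    lines = []
    for conn in range(6):
        for k in range(19):
            sec = conn // 3 + k // 2  # 3 connections are opened per second
            lines.append(f'203.0.113.7 - - [30/Apr/2016:11:00:{sec:02d} +0000] '
                         f'"GET /asset{conn}-{k} HTTP/1.1" 200 512 {k}')
    return lines

if __name__ == "__main__":
    LIMIT, INTERVAL = 40, 5  # taken from the PORTFLOOD value 80;tcp;40;5
    for ip, (reqs, conns, peak) in peak_new_connections(constructed_sample(), INTERVAL).items():
        print(ip, reqs, "requests,", conns, "connections, peak", peak, "per",
              INTERVAL, "s:", "over" if peak > LIMIT else "under", "the limit")
```

Connections that never carry a request do not appear in access_log, so this is a lower bound on new connections. It also says nothing about how many connections are open at the same instant, which is what CONNLIMIT counts.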