diff --git a/doc/modules/mod_core.html b/doc/modules/mod_core.html index 4f4e1d43b6..b0dccd93f1 100644 --- a/doc/modules/mod_core.html +++ b/doc/modules/mod_core.html @@ -1763,13 +1763,26 @@
proftpd
child process represents a single client connection,
and thus this directive also controls the maximum number of simultaneous
connections allowed. Additional connections beyond the configured limit are
-logged, and silently disconnected. The MaxInstances
directive
-can be used to prevent undesirable denial-of-service attacks (e.g.
-by repeatedly connecting to the FTP control port, a malicious client could try
-to cause proftpd
to repeatedly fork new processes, creating a
-"fork-bomb"). By default, no limit is placed on the number of child
-processes that may run at one time; it is highly recommended that a
-maximum number, suitable to your sites traffic, be configured.
+logged, and silently disconnected; the clients will not receive an
+FTP response in this case, but instead will encounter connection-level errors
+such as "Connection reset by peer". In order to provide a more user-facing
+error message, use the
+MaxClients
directive,
+set to a value lower than MaxInstances
, e.g.:
++ # Set MaxClients lower than MaxInstances, so that clients receive a nicer error message when they are rejected. + MaxClients 100 + MaxInstances 101 ++ +
+The MaxInstances
directive can be used to prevent undesirable
+denial-of-service attacks (e.g. by repeatedly connecting to the FTP
+control port, a malicious client could try to cause proftpd
to
+repeatedly fork new processes, creating a "fork-bomb"). By default, no limit
+is placed on the number of child processes that may run at one time; it is
+highly recommended that a maximum number, suitable to your sites
+traffic, be configured.
-The solution is to use "MultilineRFC2228 off" in your proftpd.conf
-(or simply remove that directive entirely).
+The solution is to use:
+
+ MultilineRFC2228 off ++in your
proftpd.conf
(or simply remove that directive entirely).