Hi forum, and thanks Igor for the most amazing software.
Now I have spent some time looking for a way to make use of the limit_conn directive to block offending IP addresses, but can't seem to figure out a way to do so.
Is there a possibility to check, inside nginx.conf, for $limit_conn_triggered or something like that? Use case: I am protecting a backend server with `limit_conn zone_name 2;` and want to collect IPs that violate that limit for blocking in the firewall. Parsing logs is a possible but extremely ineffective solution, especially under a DDoS, so I was looking for a way to either block violators using nginx configuration or emit the IP address to iptables/apf/etc.
Currently I can only deny parallel requests or limit_req them, which surely does increase the number of attackers needed to kill the server but does not solve the problem. Somehow, I feel there should be a solution (an nginx module or directive I'm missing) which could ban based on a triggered limit_conn. Thanks for any tips :)
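As an added worked example (not part of the original post, and not nginx's own code): nginx has no configuration hook that runs an external command when limit_conn rejects a connection, so in practice the route is the one the post dismisses, a log that records the rejection, read by something that feeds the firewall (fail2ban is the usual tool for this). The part that makes it workable is logging the rejection explicitly rather than guessing from the status code. The script below assumes a dedicated `log_format` that writes the `$limit_conn_status` variable (available in nginx 1.17.6 and later; its values are PASSED, REJECTED and REJECTED_DRY_RUN), counts REJECTED lines per client IP, and renders iptables DROP rules for the IPs over a threshold. The log lines in `SAMPLE_LOG` are constructed, and the rules are returned as strings rather than executed.

```python
"""Collect client IPs that tripped nginx limit_conn from a dedicated access log.

Added example, not from the original post. Assumed nginx configuration:

    log_format limits '$remote_addr $limit_conn_status $status "$request"';
    access_log /var/log/nginx/limits.log limits;

$limit_conn_status (nginx >= 1.17.6) is PASSED, REJECTED or REJECTED_DRY_RUN.
Only REJECTED is treated as a violation; REJECTED_DRY_RUN is what
limit_conn_dry_run emits while you are only measuring, and must not ban anyone.
"""
import re
from collections import Counter

# One line of the assumed log_format above.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<lc>PASSED|REJECTED|REJECTED_DRY_RUN) '
    r'(?P<status>\d{3}) "(?P<req>[^"]*)"$'
)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
198.51.100.4 PASSED 200 "GET / HTTP/1.1"
203.0.113.7 PASSED 200 "GET /a HTTP/1.1"
203.0.113.7 REJECTED 503 "GET /b HTTP/1.1"
203.0.113.7 REJECTED 503 "GET /c HTTP/1.1"
203.0.113.7 REJECTED 503 "GET /d HTTP/1.1"
198.51.100.4 REJECTED_DRY_RUN 200 "GET /e HTTP/1.1"
this line is garbage and must be skipped
"""


def parse_line(line):
    """Return (client_ip, limit_conn_status) or None for lines that do not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    return m.group("ip"), m.group("lc")


def violators(lines, threshold=1):
    """Count REJECTED lines per client IP; return {ip: count} for count >= threshold.

    A threshold above 1 avoids banning a client that brushed the limit once;
    under an actual flood the rejected count per attacking IP climbs fast.
    """
    counts = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, lc = parsed
        if lc == "REJECTED":
            counts[ip] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


def iptables_rules(ips):
    """Render one DROP rule per IP. Returned as strings; nothing is executed here."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(ips)]


if __name__ == "__main__":
    banned = violators(SAMPLE_LOG.splitlines(), threshold=2)
    for rule in iptables_rules(banned):
        print(rule)
```

Two caveats a practitioner would want: on older nginx without `$limit_conn_status`, the only signal is the status code set by `limit_conn_status` (503 by default), which this approach would have to key on instead, and that conflates limit_conn rejections with genuine 503s from the backend; and `limit_conn_log_level` controls the error-log entry for the same event, so if you prefer to tail error.log rather than a custom access log, raise it to `warn` or `error` so the entry is actually written.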