Welcome! Log In Create A New Profile

Advanced

Re: DDoS protection module suggestion

Weibin Yao
November 02, 2010 10:58PM
malte at 2010-11-3 10:19 wrote:
> I've recently been hit pretty hard with a nasty DDoS attack on a site of
> mine.
>
> With http://wiki.nginx.org/HttpLimitReqModule and
> http://wiki.nginx.org/HttpLimitZoneModule I was able to mitigate the
> attack reasonably well, but neither of these modules do what I'd really
> like to have done - temporarily serve only a plain 4xx or 5xx error
> message to any IP that is exhibiting clearly abusive behavior, like
> requesting the exact same page over and over again, or attempting to
> make a large amount of parallel connections (100+) at once.
limit module can also limit the concurrent request uri.

http {

limit_zone one $part_of_uri 10m;

server {
location /download/ {
set $part_of_uri "download";
limit_conn one 100;
}
}
}

I have not tested it yet, you can have a try.

> This should
> be in effect for a configurable amount of time, but just 10 minutes or
> so would have worked well against my recent attack, as each attacking
> bot only tends to attack for a few minutes before its replaced by
> another bot.
>
> So my suggestion is either adding functionality to the Limit modules, or
> adding a new DDoS module which would use a set amount of memory to keep
> tab of all IPs that have requested anything in the past 10-15 seconds,
> and can mitigate DDoS attacks by analyzing recent request and connect
> patterns by IP.
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,147105,147105#msg-147105
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://nginx.org/mailman/listinfo/nginx
>
>


--
Weibin Yao


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
Subject Author Posted

DDoS protection module suggestion

malte November 02, 2010 10:19PM

Re: DDoS protection module suggestion

Weibin Yao November 02, 2010 10:58PM

Re: DDoS protection module suggestion

malte November 02, 2010 11:21PM

Re: DDoS protection module suggestion

unclepieman November 03, 2010 12:02AM

Re: DDoS protection module suggestion

malte November 03, 2010 05:00PM

Re: DDoS protection module suggestion

unclepieman November 03, 2010 05:15PM

Re: DDoS protection module suggestion

malte November 03, 2010 10:30PM

Re: DDoS protection module suggestion

Redd Vinylene November 04, 2010 04:52AM

Re: DDoS protection module suggestion

malte November 04, 2010 03:47PM

Re: DDoS protection module suggestion

Weibin Yao November 04, 2010 10:28PM

Re: DDoS protection module suggestion

unclepieman November 05, 2010 12:10AM

Re: DDoS protection module suggestion

Weibin Yao November 05, 2010 01:08AM

Re: DDoS protection module suggestion

malte November 05, 2010 01:58AM

Re: DDoS protection module suggestion

unclepieman November 05, 2010 03:34AM

Re: DDoS protection module suggestion

Weibin Yao November 05, 2010 05:56AM

Re: DDoS protection module suggestion

Eugaia November 05, 2010 06:44AM

Re: DDoS protection module suggestion

姚伟斌 November 05, 2010 08:52AM

Re: DDoS protection module suggestion

malte November 05, 2010 12:16PM

Re: DDoS protection module suggestion

姚伟斌 November 05, 2010 09:50PM

Re: DDoS protection module suggestion

malte November 05, 2010 12:11PM

Re: DDoS protection module suggestion

unclepieman November 05, 2010 01:08PM

Re: DDoS protection module suggestion

malte November 05, 2010 05:52PM

Re: DDoS protection module suggestion

malte November 05, 2010 05:53PM

Re: DDoS protection module suggestion

Weibin Yao November 05, 2010 05:42AM

Re: DDoS protection module suggestion

Rainer Duffner November 03, 2010 05:42PM

Re: DDoS protection module suggestion

malte November 03, 2010 10:22PM

Re: DDoS protection module suggestion

ken107 December 26, 2010 04:49AM

Re: DDoS protection module suggestion

Weibin Yao December 26, 2010 09:32PM

Re: DDoS protection module suggestion

Waleed G. March 25, 2012 01:04PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 71
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready