> If the site's audience is truly global, it's very
> difficult.
>
> Apart from the fact that in a true DDoS scenario
> (in the mentioned
> case, we're talking about 200something attacking
> hosts), you'd need
> NGINX to be sitting next to your peering points
> upstream.
This site has an emphasis on US, but still US traffic only makes up 40% of the traffic, the rest is largely Canada, Western Europe and Australia, but there is also a fair amount of India, Russia and Pakistan in there, so I would say the GeoIP idea wouldn't serve us well.
We had about 50k attacking hosts attacking over the course of 24h.