Welcome! Log In Create A New Profile

Advanced

Re: DDoS protection module suggestion

Weibin Yao
November 05, 2010 05:56AM
Payam Chychi at 2010-11-5 15:30 wrote:
> Hey,
>
> Instead of a 503, i would redirect them localhost:81 and allow them to
> validly themselves via captcha system in case its a false positive.
Maybe I could add extra variable like this:
if ($limit_access_deny) {
add_header Location http://xxxx:81/;
return 302;
}
> Like above, if a host logs the same src_ip more than $x times in $xy
> min, u should be moving the acl up the chain, your sub-distribution,
> distribution cor or even edge routers.
I think it's good to divide the determination from the Nginx. It's hard
to determine the IP by single Nginx whether is good or bad. Actually we
have 20+ reverse proxy Nginx servers in the front. Each Nginx doesn't
known others status. In our DDOS attack, the bad-IP's request rate is a
little higher than the normal request.

We decide to collect the log together and analyze it. I don't know the
payload of log collection. Maybe it's too high. We have not done the
performance test yet. Or we should do log analysis distributed in each
server and then collect the results together.
>
> my 2 cents
> -Payam
>
>
> malte wrote:
>> Weibin Yao Wrote:
>>
>>> We are facing the similar DDOS situation to you.
>>> I'm developing a module which can deny the individual IPs. The
>>> module can
>>> get the IPs with a POST request from a commander server in the
>>> intranet. If you have some suggestions, you can contact to me.
>>>
>>> The module will be here:
>>> https://github.com/yaoweibin/nginx_limit_access_mo
>>> dule, but I need some more days to finish it.
>>>
>>
>>
>> Wonderful!
>> Being able to interrogate the server for a list of bad IPs is an
>> excellent idea, it would allow people to make their own firewall-block
>> scripts etc.
>>
>> The main suggestion I have is that the module supports this kind of
>> rule:
>> If an IP has requested more than X pages in the last Y seconds, then
>> serve only 503 errors to that IP for the next Z seconds, and use at most
>> W megabytes of RAM for the bad-IP pool.
>>
>> Posted at Nginx Forum:
>> http://forum.nginx.org/read.php?2,147105,147863#msg-147863
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org
>> http://nginx.org/mailman/listinfo/nginx
>>
>>
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://nginx.org/mailman/listinfo/nginx
>


--
Weibin Yao


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
Subject Author Posted

DDoS protection module suggestion

malte November 02, 2010 10:19PM

Re: DDoS protection module suggestion

Weibin Yao November 02, 2010 10:58PM

Re: DDoS protection module suggestion

malte November 02, 2010 11:21PM

Re: DDoS protection module suggestion

unclepieman November 03, 2010 12:02AM

Re: DDoS protection module suggestion

malte November 03, 2010 05:00PM

Re: DDoS protection module suggestion

unclepieman November 03, 2010 05:15PM

Re: DDoS protection module suggestion

malte November 03, 2010 10:30PM

Re: DDoS protection module suggestion

Redd Vinylene November 04, 2010 04:52AM

Re: DDoS protection module suggestion

malte November 04, 2010 03:47PM

Re: DDoS protection module suggestion

Weibin Yao November 04, 2010 10:28PM

Re: DDoS protection module suggestion

unclepieman November 05, 2010 12:10AM

Re: DDoS protection module suggestion

Weibin Yao November 05, 2010 01:08AM

Re: DDoS protection module suggestion

malte November 05, 2010 01:58AM

Re: DDoS protection module suggestion

unclepieman November 05, 2010 03:34AM

Re: DDoS protection module suggestion

Weibin Yao November 05, 2010 05:56AM

Re: DDoS protection module suggestion

Eugaia November 05, 2010 06:44AM

Re: DDoS protection module suggestion

姚伟斌 November 05, 2010 08:52AM

Re: DDoS protection module suggestion

malte November 05, 2010 12:16PM

Re: DDoS protection module suggestion

姚伟斌 November 05, 2010 09:50PM

Re: DDoS protection module suggestion

malte November 05, 2010 12:11PM

Re: DDoS protection module suggestion

unclepieman November 05, 2010 01:08PM

Re: DDoS protection module suggestion

malte November 05, 2010 05:52PM

Re: DDoS protection module suggestion

malte November 05, 2010 05:53PM

Re: DDoS protection module suggestion

Weibin Yao November 05, 2010 05:42AM

Re: DDoS protection module suggestion

Rainer Duffner November 03, 2010 05:42PM

Re: DDoS protection module suggestion

malte November 03, 2010 10:22PM

Re: DDoS protection module suggestion

ken107 December 26, 2010 04:49AM

Re: DDoS protection module suggestion

Weibin Yao December 26, 2010 09:32PM

Re: DDoS protection module suggestion

Waleed G. March 25, 2012 01:04PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 130
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready