block dos attack nginx behind cloudflare and loadbalancer

March 28, 2012 03:34AM
I have 4 webservers behind Cloudflare and a load balancer; nginx is the web browser, and php-fpm manages the PHP pages. I don't know how to block a simple DoS attack ...

I'm able to detect this attack by using the http_limit_req module from nginx: http://wiki.nginx.org/HttpLimitReqModule

But this does not block the attack at all. Yes, it can mitigate, but the webservers are hit and hit again, php-fpm goes to 80%, and in a minute the website is unreachable.

I'm trying to find a way to block this kind of request.

I know how to block a certain IP address or a certain user agent with nginx, but I want to do it automatically. I think that I cannot block the IP with iptables because the requests come from the load balancer :( but I'm still able to detect the correct IP address with set_real_ip_from and real_ip_header X-Forwarded-For in nginx.

I have the log file (error.log) filled with the correct IP address, as you can see:

2012/03/27 18:34:02 [error] 31234#0: *1283 limiting connections by zone "staging", client: XX.XX.XX.XXX, server: www.xxxxxxx.com, request: "HEAD /it HTTP/1.1", host: "www.xxxxxxx.com"

Does someone have an idea and can teach me how to block this IP automatically?

Thanks in advance!
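
One way to automate the block the post asks for, as an added example that is not part of the original thread: parse the limit messages in error.log, count hits per client, and render nginx deny directives, which act on the address restored by set_real_ip_from / real_ip_header and so work behind the load balancer where iptables does not. The threshold, the never-block range and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Anchored at line start: text an attacker puts in the request URI (logged
# later on the same line) cannot be mistaken for the client field.
LIMIT_RE = re.compile(
    r'^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d \[\w+\] \d+#\d+: \*\d+ '
    r'limiting (?:connections|requests(?:, excess: [\d.]+)?) '
    r'by zone "[^"]+", client: ([^,\s]+),')

# Assumptions: internal range that must never be denied, and hit threshold.
NEVER_BLOCK = [ipaddress.ip_network("10.0.0.0/8")]
THRESHOLD = 3

def offenders(lines, threshold=THRESHOLD, never_block=NEVER_BLOCK):
    """Return sorted client IPs with at least `threshold` limit hits."""
    hits = Counter()
    for line in lines:
        m = LIMIT_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not an IP literal, so it never reaches the config
        if not any(ip in net for net in never_block):
            hits[str(ip)] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)

def deny_conf(ips):
    """Render the body of an nginx include file of deny directives."""
    return "".join(f"deny {ip};\n" for ip in ips)

# Constructed sample lines in the error.log format quoted in the post.
_HEAD = '2012/03/27 18:34:02 [error] 31234#0: *1283 '
_TAIL = ', server: www.example.com, request: "HEAD /it HTTP/1.1", host: "www.example.com"'
SAMPLE = (
    [_HEAD + 'limiting connections by zone "staging", client: 203.0.113.7' + _TAIL] * 3
    + [_HEAD + 'limiting connections by zone "staging", client: 10.0.0.5' + _TAIL] * 3
    + [_HEAD + 'limiting requests, excess: 5.300 by zone "staging", client: 198.51.100.9' + _TAIL]
    # Different error whose URI imitates a limit message: must be ignored.
    + [_HEAD + 'open() "/srv/x" failed (2: No such file or directory), client: 198.51.100.9, '
       'server: www.example.com, request: "GET /limiting connections by zone "staging", '
       'client: 192.0.2.1, HTTP/1.1", host: "www.example.com"'])

if __name__ == "__main__":
    print(deny_conf(offenders(SAMPLE)), end="")
```

Written to a file pulled in with nginx's include directive and followed by a reload, the denied clients get a 403 from nginx before the request reaches php-fpm; the requests still arrive at the webservers, so this reduces PHP load rather than traffic.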
Subject | Author | Posted
block dos attack nginx behind cloudflare and loadbalancer | ilmetu | March 28, 2012 03:34AM
Re: block dos attack nginx behind cloudflare and loadbalancer | Andrew Alexeev | March 28, 2012 04:54AM
Re: block dos attack nginx behind cloudflare and loadbalancer | ilmetu | March 28, 2012 05:15AM
Re: block dos attack nginx behind cloudflare and loadbalancer | Andrey Belov | March 28, 2012 05:44AM


