Welcome! Log In Create A New Profile

Advanced

Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

September 13, 2016 09:08AM
Reinis Rozitis Wrote:
-------------------------------------------------------
> > But that book says it is to reduce the memory footprint ?
>
> Correct, but that is for that specific varible.
>
> You can't take $http_cf_connecting_ip which is a HTTP header comming
> from
> Cloudflare and prepend $binary_ just to "lower memory footprint".
> There is no such functionality.
>
>
> What you might do is still use $binary_remote_addr but in combination
> with
> RealIP module (
> http://nginx.org/en/docs/http/ngx_http_realip_module.html ):
>
> real_ip_header CF-Connecting-IP;
>
> Detailed guide from Cloudflare:
> (
> https://support.cloudflare.com/hc/en-us/articles/200170706-How-do-I-re
> store-original-visitor-IP-with-Nginx-
> )
>
>
> Theoretically it should work but to be sure you would need to test it
> or ask
> a nginx dev for confirmation if the realip module takes precedence and
>
> updates also the ip binary variable before the limit_req module.
>
> rr
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


Thanks for the info :) For now I will just stick with what I know is currently working either way I believe the stored key in memory won't be compressed due to being behind cloudflare's reverse proxy as you said only $binary_remote_addr is compressing their IP to reduce memory footprint.

Here is my config for anyone who wants to test or play around same as in original email.

map $http_cf_connecting_ip $client_ip_from_cf {
default $http_cf_connecting_ip;
}

limit_req_zone $client_ip_from_cf zone=one:10m rate=30r/m;
limit_conn_zone $client_ip_from_cf zone=addr:10m;

location ~ \.mp4$ {
limit_conn addr 10; #Limit open connections from same ip
limit_req zone=one; #Limit max number of requests from same ip

mp4;
limit_rate_after 1m; #Limit download rate
limit_rate 1m; #Limit download rate
root '//172.168.0.1/StorageServ1/server/networkflare/public_www';
expires max;
valid_referers none blocked networkflare.com *.networkflare.com;
if ($invalid_referer) {
return 403;
}
}

http://www.networkflare.com/
Subject Author Posted

Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

c0nw0nk September 13, 2016 04:09AM

Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

gariac September 13, 2016 04:34AM

Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

c0nw0nk September 13, 2016 04:51AM

Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

c0nw0nk September 13, 2016 05:34AM

Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

gariac September 13, 2016 05:36AM

Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

c0nw0nk September 13, 2016 05:51AM

Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

c0nw0nk September 13, 2016 07:16AM

Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

Reinis Rozitis September 13, 2016 07:26AM

Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

c0nw0nk September 13, 2016 08:07AM

Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

c0nw0nk September 13, 2016 08:17AM

Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

Reinis Rozitis September 13, 2016 08:26AM

Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

c0nw0nk September 13, 2016 09:08AM

Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

B.R. September 13, 2016 10:08AM

Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

c0nw0nk September 13, 2016 10:41AM

Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

itpp2012 September 13, 2016 03:36PM

Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

c0nw0nk September 13, 2016 04:07PM

Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

c0nw0nk September 13, 2016 08:02PM

Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

itpp2012 September 14, 2016 12:48AM

Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

c0nw0nk September 14, 2016 04:10AM

Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

itpp2012 September 14, 2016 06:52AM

Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

c0nw0nk September 14, 2016 08:23AM

Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

Francis Daly September 13, 2016 07:24PM

Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

FinalX September 14, 2016 07:06AM

Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

Reinis Rozitis September 14, 2016 07:34AM

Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

B.R. September 14, 2016 09:02AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 69
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready