Forum List Message List New Topic Print View

c0nw0nk

September 13, 2016 09:08AM

Registered: 10 years ago
Posts: 210

Reinis Rozitis Wrote:
-------------------------------------------------------
> > But that book says it is to reduce the memory footprint ?
>
> Correct, but that is for that specific varible.
>
> You can't take $http_cf_connecting_ip which is a HTTP header comming
> from
> Cloudflare and prepend $binary_ just to "lower memory footprint".
> There is no such functionality.
>
>
> What you might do is still use $binary_remote_addr but in combination
> with
> RealIP module (
> http://nginx.org/en/docs/http/ngx_http_realip_module.html ):
>
> real_ip_header CF-Connecting-IP;
>
> Detailed guide from Cloudflare:
> (
> https://support.cloudflare.com/hc/en-us/articles/200170706-How-do-I-re
> store-original-visitor-IP-with-Nginx-
> )
>
>
> Theoretically it should work but to be sure you would need to test it
> or ask
> a nginx dev for confirmation if the realip module takes precedence and
>
> updates also the ip binary variable before the limit_req module.
>
> rr
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

Thanks for the info :) For now I will just stick with what I know is currently working either way I believe the stored key in memory won't be compressed due to being behind cloudflare's reverse proxy as you said only $binary_remote_addr is compressing their IP to reduce memory footprint.

Here is my config for anyone who wants to test or play around same as in original email.

map $http_cf_connecting_ip $client_ip_from_cf {
default $http_cf_connecting_ip;
}

limit_req_zone $client_ip_from_cf zone=one:10m rate=30r/m;
limit_conn_zone $client_ip_from_cf zone=addr:10m;

location ~ \.mp4$ {
limit_conn addr 10; #Limit open connections from same ip
limit_req zone=one; #Limit max number of requests from same ip

mp4;
limit_rate_after 1m; #Limit download rate
limit_rate 1m; #Limit download rate
root '//172.168.0.1/StorageServ1/server/networkflare/public_www';
expires max;
valid_referers none blocked networkflare.com *.networkflare.com;
if ($invalid_referer) {
return 403;
}
}

http://www.networkflare.com/

Reply Quote

RSS

Subject	Author	Posted
Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers	c0nw0nk	September 13, 2016 04:09AM
Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers	gariac	September 13, 2016 04:34AM
Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers	c0nw0nk	September 13, 2016 04:51AM
Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers	c0nw0nk	September 13, 2016 05:34AM
Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers	gariac	September 13, 2016 05:36AM
Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers	c0nw0nk	September 13, 2016 05:51AM
Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers	c0nw0nk	September 13, 2016 07:16AM
Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers	Reinis Rozitis	September 13, 2016 07:26AM
Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers	c0nw0nk	September 13, 2016 08:07AM
Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers	c0nw0nk	September 13, 2016 08:17AM
Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers	Reinis Rozitis	September 13, 2016 08:26AM
Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers	c0nw0nk	September 13, 2016 09:08AM
Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers	B.R.	September 13, 2016 10:08AM
Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers	c0nw0nk	September 13, 2016 10:41AM
Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers	itpp2012	September 13, 2016 03:36PM
Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers	c0nw0nk	September 13, 2016 04:07PM
Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers	c0nw0nk	September 13, 2016 08:02PM
Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers	itpp2012	September 14, 2016 12:48AM
Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers	c0nw0nk	September 14, 2016 04:10AM
Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers	itpp2012	September 14, 2016 06:52AM
Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers	c0nw0nk	September 14, 2016 08:23AM
Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers	Francis Daly	September 13, 2016 07:24PM
Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers	FinalX	September 14, 2016 07:06AM
Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers	Reinis Rozitis	September 14, 2016 07:34AM
Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers	B.R.	September 14, 2016 09:02AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 252

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018