Here is my config :
http {
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
limit_conn_zone $binary_remote_addr zone=addr:10m;
server {
location /secured/ {
auth_basic "secured area";
auth_basic_user_file conf/htpasswd;
limit_req zone=one burst=5;
limit_conn addr 1;
}
}
My question is with the nginx auth module should i still need to protect that area from flooding / ddos or will the auth module denying access be enough.
Would like to know how well the auth module processes and does compared to the limit_req or limit_conn module and if i should keep those in my configuration or remove them since the auth module could be already doing all the work.
http://www.networkflare.com/