Welcome! Log In Create A New Profile

Advanced

Re: How to rate-limit jorgee malware scanner?

Etienne Robillard
July 24, 2017 10:08AM
Hi all,

Unfortunately, its impossible to use limit_req within the http location
using a "if" statement like so:

http {

limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

if ($http_user_agent ~* (Jorgee)) {

limit_req zone=one burst=5;

return 403;

}

}


As a workaround I use limit_req within a location to prevent my uwsgi
app for being abused.

Cheers,
E

Le 2017-07-24 à 08:12, Zhang Chao a écrit :
>
> Hi!
>
> Nginx carries with the limit_req_module
> http://nginx.org/en/docs/http/ngx_http_limit_req_module.html. I
> think it is a good helper.
>
>
>
> On 24 July 2017 at 20:10:05, Gary Sellani (lists@lazygranch.com
> <mailto:lists@lazygranch.com>) wrote:
>
>> I just detect the use agent and return 444, but every attempt to get
>> a file will show up in your access.log.
>>
>> https://www.buildersociety.com/threads/block-unwanted-bots-on-apache-nginx-constantly-updated.1898/
>>
>> I get two or three jorgee "sessions" a day. They tend not to use the
>> domain name but reference your server by IP, so there might be some
>> better blocking scheme.
>>
>> Original Message
>> From: tkadm30@yandex.com <mailto:tkadm30@yandex.com>
>> Sent: July 24, 2017 3:14 AM
>> To: nginx@nginx.org <mailto:nginx@nginx.org>
>> Reply-to: nginx@nginx.org <mailto:nginx@nginx.org>
>> Subject: How to rate-limit jorgee malware scanner?
>>
>> Hi,
>>
>> The Jorgee malware scanner is creating a lot of activity on my site. I
>> would like to rate-limit its connections to nginx based on the
>> User-Agent, since blocking all IP addresses with iptables seems
>> impossible. Is their a quick way of doing this ?
>>
>> Thank you in advance ,
>>
>> E
>>
>> --
>> Etienne Robillard
>> tkadm30@yandex.com <mailto:tkadm30@yandex.com>
>> http://www.isotopesoftware.ca/
>>
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org <mailto:nginx@nginx.org>
>> http://mailman.nginx.org/mailman/listinfo/nginx
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org <mailto:nginx@nginx.org>
>> http://mailman.nginx.org/mailman/listinfo/nginx
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

--
Etienne Robillard
tkadm30@yandex.com
http://www.isotopesoftware.ca/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

How to rate-limit jorgee malware scanner?

Etienne Robillard July 24, 2017 06:14AM

Re: How to rate-limit jorgee malware scanner?

gariac July 24, 2017 08:10AM

Re: How to rate-limit jorgee malware scanner?

tokers July 24, 2017 08:14AM

Re: How to rate-limit jorgee malware scanner?

Etienne Robillard July 24, 2017 10:08AM

Re: How to rate-limit jorgee malware scanner?

gariac July 24, 2017 10:14AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 112
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready