Welcome! Log In Create A New Profile

Re: How to control the total requests in Ngnix

Forum List Message List New Topic Print View

gariac

November 30, 2017 09:10PM

Registered: 9 years ago
Posts: 178

Here is a log of real life IP limiting with a 30 connection limit:
86.184.152.14 British Telecommunications PLC
8.37.235.199 Level 3 Communications Inc.
130.76.186.14 The Boeing Company

security.5.bz2:Nov 29 20:50:53 theranch kernel: ipfw: 5005 drop session type 40 86.184.152.14 58714 -> myip 80, 34 too many entries
security.6.bz2:Nov 29 16:01:31 theranch kernel: ipfw: 5005 drop session type 40 8.37.235.199 10363 -> myip 80, 42 too many entries
above repeated twice
security.8.bz2:Nov 29 06:39:15 theranch kernel: ipfw: 5005 drop session type 40 130.76.186.14 34056 -> myip 80, 31 too many entries
above repeated 18 times

I have an Alexa rating around 960,000. Hey, at least I made to the top one million websites. But my point is even with a limit of 30, I'm kicking out readers.

Look at the nature of the IPs. British Telecom is one of those huge ISPs where I guess different users are sharing the same IP. (Not sure.) Level 3 is the provider at many Starbucks, besides being a significant traffic carrier. Boeing has decent IP space, but maybe only a few IPs per facility. Who knows.

My point is if you set the limit at two, that is way too low.

The only real way to protect from DDOS is to use a commercial reverse proxy. I don't think limiting connection in Nginx (or in the firewall) will solve a real attack. It will probably stop some kid in his parents basement. But today you can rent DDOS attacks on the dark web.

If you really want to improve performance of your server, do severe IP filtering at the firewall. Limit the number of search engines that can read your site. Block major hosting companies and virtual private servers. There are no eyeballs there. Just VPNs (who can drop the VPN if they really want to read your site) and hackers. Easily half the internet traffic is bots.

Per some discussions on this list, it is best not to block using nginx, but rather use the firewall. Nginx parses the http request even if blocking the IP, so the CPU load isn't insignificant. As an alternative, you can use a reputation based blocking list. (I don't use one on web servers, just on email servers.)

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
How to control the total requests in Ngnix	tongshushan@migu.cn	November 30, 2017 04:14AM
回复: How to control the total requests in Ngnix	tongshushan@migu.cn	November 30, 2017 04:16AM
Re: 回复: How to control the total requests in Ngnix	gariac	November 30, 2017 04:46AM
Re: 回复: How to control the total requests in Ngnix	gariac	November 30, 2017 01:56PM
Re: How to control the total requests in Ngnix	Francis Daly	November 30, 2017 05:18AM
Re: Re: How to control the total requests in Ngnix	tongshushan@migu.cn	November 30, 2017 06:54AM
Re: How to control the total requests in Ngnix	pbooth	November 30, 2017 05:28PM
Re: How to control the total requests in Ngnix	gariac	November 30, 2017 09:10PM
Re: Re: How to control the total requests in Ngnix	tongshushan@migu.cn	November 30, 2017 09:14PM
Re: Re: How to control the total requests in Ngnix	tongshushan@migu.cn	November 30, 2017 07:06AM
Re: Re: How to control the total requests in Ngnix	Francis Daly	November 30, 2017 01:40PM
Re: Re: How to control the total requests in Ngnix	tongshushan@migu.cn	November 30, 2017 10:20PM
Re: Re: How to control the total requests in Ngnix	Maxim Dounin	December 01, 2017 08:48AM
Re: How to control the total requests in Ngnix	Maxim Dounin	December 01, 2017 11:14AM
Re: Re: How to control the total requests in Ngnix	Francis Daly	December 02, 2017 06:04AM
Re: Re: How to control the total requests in Ngnix	tongshushan@migu.cn	December 02, 2017 11:00PM
Re: Re: How to control the total requests in Ngnix	Francis Daly	December 05, 2017 03:54AM
Re: Re: How to control the total requests in Ngnix	tongshushan@migu.cn	December 05, 2017 08:52PM
Re: Re: How to control the total requests in Ngnix	tongshushan@migu.cn	November 30, 2017 11:54PM
Re: Re: How to control the total requests in Ngnix	tongshushan@migu.cn	November 30, 2017 11:56PM
Re: Re: How to control the total requests in Ngnix	tongshushan@migu.cn	December 02, 2017 04:58AM
Re: How to control the total requests in Ngnix	gariac	November 30, 2017 11:18PM
Re: How to control the total requests in Ngnix	gariac	December 01, 2017 09:46AM
Re: How to control the total requests in Ngnix	gariac	December 03, 2017 04:10PM
Re: How to control the total requests in Ngnix	pbooth	December 04, 2017 01:14AM
Re: How to control the total requests in Ngnix	pbooth	December 04, 2017 04:24AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 242

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018