Welcome! Log In Create A New Profile

Advanced

Re: How to control the total requests in Ngnix

November 30, 2017 09:10PM
Here is a log of real life IP limiting with a 30 connection limit:
86.184.152.14 British Telecommunications PLC
8.37.235.199 Level 3 Communications Inc.
130.76.186.14 The Boeing Company

security.5.bz2:Nov 29 20:50:53 theranch kernel: ipfw: 5005 drop session type 40 86.184.152.14 58714 -> myip 80, 34 too many entries
security.6.bz2:Nov 29 16:01:31 theranch kernel: ipfw: 5005 drop session type 40 8.37.235.199 10363 -> myip 80, 42 too many entries
above repeated twice
security.8.bz2:Nov 29 06:39:15 theranch kernel: ipfw: 5005 drop session type 40 130.76.186.14 34056 -> myip 80, 31 too many entries
above repeated 18 times

I have an Alexa rating around 960,000. Hey, at least I made to the top one million websites. But my point is even with a limit of 30, I'm kicking out readers.

Look at the nature of the IPs. British Telecom is one of those huge ISPs where I guess different users are sharing the same IP. (Not sure.) Level 3 is the provider at many Starbucks, besides being a significant traffic carrier. Boeing has decent IP space, but maybe only a few IPs per facility. Who knows.

My point is if you set the limit at two, that is way too low.

The only real way to protect from DDOS is to use a commercial reverse proxy. I don't think limiting connection in Nginx (or in the firewall) will solve a real attack. It will probably stop some kid in his parents basement. But today you can rent DDOS attacks on the dark web.

If you really want to improve performance of your server, do severe IP filtering at the firewall. Limit the number of search engines that can read your site. Block major hosting companies and virtual private servers. There are no eyeballs there. Just VPNs (who can drop the VPN if they really want to read your site) and hackers. Easily half the internet traffic is bots.

Per some discussions on this list, it is best not to block using nginx, but rather use the firewall. Nginx parses the http request even if blocking the IP, so the CPU load isn't insignificant. As an alternative, you can use a reputation based blocking list. (I don't use one on web servers, just on email servers.)

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

How to control the total requests in Ngnix

tongshushan@migu.cn November 30, 2017 04:14AM

回复: How to control the total requests in Ngnix

tongshushan@migu.cn November 30, 2017 04:16AM

Re: 回复: How to control the total requests in Ngnix

gariac November 30, 2017 04:46AM

Re: 回复: How to control the total requests in Ngnix

gariac November 30, 2017 01:56PM

Re: How to control the total requests in Ngnix

Francis Daly November 30, 2017 05:18AM

Re: Re: How to control the total requests in Ngnix

tongshushan@migu.cn November 30, 2017 06:54AM

Re: How to control the total requests in Ngnix

pbooth November 30, 2017 05:28PM

Re: How to control the total requests in Ngnix

gariac November 30, 2017 09:10PM

Re: Re: How to control the total requests in Ngnix

tongshushan@migu.cn November 30, 2017 09:14PM

Re: Re: How to control the total requests in Ngnix

tongshushan@migu.cn November 30, 2017 07:06AM

Re: Re: How to control the total requests in Ngnix

Francis Daly November 30, 2017 01:40PM

Re: Re: How to control the total requests in Ngnix

tongshushan@migu.cn November 30, 2017 10:20PM

Re: Re: How to control the total requests in Ngnix

Maxim Dounin December 01, 2017 08:48AM

Re: How to control the total requests in Ngnix

Maxim Dounin December 01, 2017 11:14AM

Re: Re: How to control the total requests in Ngnix

Francis Daly December 02, 2017 06:04AM

Re: Re: How to control the total requests in Ngnix

tongshushan@migu.cn December 02, 2017 11:00PM

Re: Re: How to control the total requests in Ngnix

Francis Daly December 05, 2017 03:54AM

Re: Re: How to control the total requests in Ngnix

tongshushan@migu.cn December 05, 2017 08:52PM

Re: Re: How to control the total requests in Ngnix

tongshushan@migu.cn November 30, 2017 11:54PM

Re: Re: How to control the total requests in Ngnix

tongshushan@migu.cn November 30, 2017 11:56PM

Re: Re: How to control the total requests in Ngnix

tongshushan@migu.cn December 02, 2017 04:58AM

Re: How to control the total requests in Ngnix

gariac November 30, 2017 11:18PM

Re: How to control the total requests in Ngnix

gariac December 01, 2017 09:46AM

Re: How to control the total requests in Ngnix

gariac December 03, 2017 04:10PM

Re: How to control the total requests in Ngnix

pbooth December 04, 2017 01:14AM

Re: How to control the total requests in Ngnix

pbooth December 04, 2017 04:24AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 83
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready