How do you know that this is an attack and not “normal traffic?”
How are these requests different from regular requests?
What do the weblogs say about the “attack requests?"
> On 10 Jan 2019, at 10:30 PM, gnusys <nginx-forum@forum.nginx.org> wrote:
>
> My Current settings are higher except the worker_process
>
> worker_processes 1;
> worker_rlimit_nofile 69152;
> worker_shutdown_timeout 10s;
> thread_pool iopool threads=32 max_queue=65536;
>
>
> I think the issue is that nginx accumulate ESTABLISHED and CLOSE_WAIT and
> FIN_WAIT1
>
> From successive netstat -apn listing I see that it is the CLOSE_WAIT that is
> sky-rocketing first
>
> then eventually ESTABLISHED and FIN_WAIT1
>
>
> The million dollar question is why Apache httpd is handling this situation
> of attack quite well on the same server while having Nginx as a reverse
> proxy hangs the web stack by TCP state exhaustion?
>
> The symptoms are similar to what is mentioned at
> https://blog.cloudflare.com/this-is-strictly-a-violation-of-the-tcp-specification/
>
> Only thing is that I don't know what must be changed in the config etc to
> fix this problem in nginx
>
> Posted at Nginx Forum: https://forum.nginx.org/read.php?2,282613,282645#msg-282645
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx