Hey Malte, During a DDoS attack, you are sending $possible_bad-ip to a different server that just sits there and does nothing but captcha. The cost for showing a captcha to a host is far less than the impact it would have on your network/servers. Also, on the captcha you can implement cookie checks and if the host does not become valid, say after seeing the page $n_times, then you can add the
by unclepieman - Nginx Mailing List - English
Hey, Instead of a 503, I would redirect them to localhost:81 and allow them to validate themselves via a captcha system in case it's a false positive. Like above, if a host logs the same src_ip more than $x times in $xy min, you should be moving the ACL up the chain: your sub-distribution, distribution core or even edge routers. My 2 cents, -Payam malte wrote: > Weibin Yao Wrote: > >> W
by unclepieman - Nginx Mailing List - English
Weibin, what's your email? I'll contact you with a few things. Cheers, Payam Weibin Yao wrote: > malte at 2010-11-5 3:47 wrote: >> Redd Vinylene Wrote: >> ------------------------------------------------------- >> >>> Just real quick: >>> >>> What about one of the BSDs and pf? The latter is >>> said to be the world's best >>> fi
by unclepieman - Nginx Mailing List - English
Hi, Agreed, what I've done in the past to get around that issue is to set up a SPAN port on our edge so it takes a packet and mirrors it to another server, say nic1. You run a script on that server that does all the number crunching; based on what it sees, you can have your script modify routing on the edge router, inject iptables rules into your server or any gw devices above the server. You can
by unclepieman - Nginx Mailing List - English
Hey, Why not utilize netfilter/iptables for this? Set up a redirect to, say, localhost:81, then create a script to capture the URI on each request, then use the information as you like... "DDoS mitigation based on client behavior and feedback loop which tells your edge device how to handle that traffic" If you need help just email me off list and I can help you, no charge. Payam ------Original Mess
by unclepieman - Nginx Mailing List - English
Your upstream is refusing the connection as described in the error log. Have you checked your upstream logs? Could be multiple things, starting from server configurations to webserver config. Check to make sure you're not hitting your max connections on the upstream httpd, paste an output of 'dmesg', and if you're running iptables or any other firewall make sure to check the logs and rules and check the system to c
by unclepieman - Nginx Mailing List - English
Are you sure you have checked both cronjobs as well as scripts running in the background? It sounds like logrotate to me. Cheers, Payam On Mon, Jul 5, 2010 at 7:01 PM, Xin Liu <liuxin84@gmail.com> wrote: > Hi all, > > My server is Debian. And I installed nginx (0.7.67-1) to host my webpage. > The problem is that, every day at 06:25PM (New York time), nginx will > generate a ne
by unclepieman - Nginx Mailing List - English
Hey, I don't see any rules for your iptables allowing port 9001, can you also show the output of "netstat -n"? Thanks ultrawind wrote: > netstat -ntop > Active Internet connections (w/o servers) > Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name Timer > tcp 0 160 ::ffff:192.168.1.140:22 ::ffff:192.168.1.19:
by unclepieman - Nginx Mailing List - English
Output of the following please: netstat -ntop iptables -L -n -v -x Thanks, Payam ultrawind wrote: > #telnet localhost 80 > Trying 127.0.0.1... > telnet: connect to address 127.0.0.1: Connection timed out > telnet: Unable to connect to remote host: Connection timed out > > I telnet port 80, it also can't work. > > Posted at Nginx Forum: http://forum.nginx.org/read.php?2,93
by unclepieman - Nginx Mailing List - English
I second this. Take a look at your system output and copy/paste the outputs please; run commands as root: 1- cat /var/log/messages 2- ulimit (as the user that runs nginx) 3- dmesg Cliff Wells wrote: > On Wed, 2010-04-21 at 21:46 -0400, escavern wrote: > >> 105: No buffer space available >> > > http://en.wikipedia.org/wiki/ENOBUFS > > You are exhausting a kernel re
by unclepieman - Nginx Mailing List - English
Nothing saying that you're out of sockets or memory, or any messages about connection tracking modules being full?
by unclepieman - Nginx Mailing List - English
Hey, also what is the output of your dmesg?
by unclepieman - Nginx Mailing List - English
Usu wrote: > Hi, I'm having the same problem for a few weeks now, after x hours/days php becomes unresponsive. I've already changed 2 different php-fastcgi spawning scripts and tried php-fpm as well, switched between many versions of the php 5.2 and 5.3 branches but the problem still remains, so I don't think it's a php issue even if that would be the most logical conclusion. > > When php b
by unclepieman - Nginx Mailing List - English
Hey Guys, I can't seem to figure out why I can't properly convert this from Apache to nginx, any help would be appreciated... I've tried a dozen times but it just will not function as expected. --- Options +FollowSymLinks RewriteEngine On RewriteBase / # URL PATTERN for sitetown # Main -> Category # http://www.site.com/category-name/ RewriteRule ^(+)/([0-9]+).html$ results.php?category_id=
by unclepieman - Nginx Mailing List - English
Maxim Dounin wrote: > Hello! > > On Wed, Mar 31, 2010 at 01:22:56PM -0700, Payam Chychi wrote: > > >> Hi Guys, >> >> Anyone know what variable to search for and match against >> User/Client Browser Language? >> Say I want to drop everyone that has browser lang set to US or something. >> >> Thanks in advance, I should be able to figure thi
by unclepieman - Nginx Mailing List - English
Hi Guys, Anyone know what variable to search for and match against User/Client Browser Language? Say I want to drop everyone that has browser lang set to US or something. Thanks in advance, I should be able to figure this out but I can't recall which $var holds this data... did not work with user-agent obviously heh. Thanks Payam _______________________________________________ nginx mailing l
by unclepieman - Nginx Mailing List - English
Heh, exactly my point =)
by unclepieman - Nginx Mailing List - English
And even on layer 3 it's not so simple to do this; it would require either a lot of netfilter hooks and perhaps some hacking. Another way to do this is if you were using Linux on the end dst_ip server with a broken TCP stack (like kernel 2.2 for example). You could use nginx to perform mnm spoof connections... but this will not work as of like 3 years ago =)
by unclepieman - Nginx Mailing List - English
I see now, I don't think there would be any other workaround if you can't install the required scripts to allow IIS a proper understanding of x-forwarded-for. You could rewrite the stack and swap remote_addr for x_forwarded_for but that would probably break more things and it's not something that is easily done. I'm assuming you require x-forward for proper session/user management? If so, thought
by unclepieman - Nginx Mailing List - English
Hey Curtis, Maybe I'm misunderstanding your request here but within nginx it's very easy to attach the x-forwarded-for value and pass it to the next device/upstream. All you have to do is set the following variable in your proxy configuration file (or per config if you choose to do it separately for different upstreams): proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; Regards,
by unclepieman - Nginx Mailing List - English