Protecting nginx from syn flood and DOS vs legit heavy traffic
rtibmx at yahoo.com
Wed Jul 2 19:08:47 MSD 2008
> A severe TCP connect attack would impact nginx more, but
> the affect of it
> can be
> minimized with a small client_header_timeout and/or
> client_body timeout.
Thanks for the tips. Can you explain what LEGITIMATE conditions could cause a client_header_timeout and/or client_body_timeout condition?
The default for those is 60 seconds which seems much higher than I think we need, so I would like to more aggressively shrink those down.
In case it matters, our nginx is the front end server for a web service. Basically we get a request for a small htm or xml or js or gif file and serve it, and then that is the end of the content.
What setting do you think I can use for those timeouts to be more aggressive but without running the chance of returning timing legitimate requests out? Thanks!!
More information about the nginx