DDoS protection module suggestion

Rainer Duffner rainer at ultra-secure.de
Thu Nov 4 00:38:35 MSK 2010


Am 03.11.2010 um 03:19 schrieb malte:

> I've recently been hit pretty hard with a nasty DDoS attack on a  
> site of
> mine.



What demographic does the site serve?
If it's country-specific, you can use http://wiki.nginx.org/HttpGeoIPModule 
  and block most of the bad guys.

In the case I had, the site was only of interest to a very limited  
(but sharply distinguishable) amount of the world-population ;-)

Nginx handled millions and millions of requests in a couple of hours  
just to display some 403 page.

I created an "exception" config to handle the handful of other IPs  
that needed to have access.

If the site's audience is truly global, it's very difficult.

Apart from the fact that in a true DDoS scenario (in the mentioned  
case, we're talking about 200something attacking hosts), you'd need  
NGINX to be sitting next to your peering points upstream.



Rainer



More information about the nginx mailing list