DDoS protection module suggestion
pchychi at gmail.com
Fri Nov 5 10:30:05 MSK 2010
Instead of a 503, I would redirect them to localhost:81 and allow them to
validate themselves via a captcha system in case it's a false positive.
Like above, if a host logs the same src_ip more than $x times in $xy
min, you should be moving the ACL up the chain: your sub-distribution,
distribution core or even edge routers.
My 2 cents
> Weibin Yao Wrote:
>> We are facing a similar DDoS situation to yours. I'm developing a module
>> which can deny individual IPs. The module can get the IPs with a
>> POST request from a commander server in the intranet. If you have some
>> suggestions, you can contact me.
>> The module will be here:
>> dule, but I need some more days to finish it.
> Being able to interrogate the server for a list of bad IPs is an
> excellent idea; it would allow people to make their own firewall-block
> scripts etc.
> The main suggestion I have is that the module supports this kind of
> If an IP has requested more than X pages in the last Y seconds, then
> serve only 503 errors to that IP for the next Z seconds, and use at most
> W megabytes of RAM for the bad-IP pool.
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,147105,147863#msg-147863
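The X/Y/Z/W policy quoted above, worked through as a small Python sketch that replays access-log lines and produces the bad-IP list a firewall-block script (or an upstream ACL) could consume. This is an added example, not Weibin Yao's module nor anything from nginx; the log lines are constructed (TEST-NET addresses), the thresholds X=5, Y=10 s, Z=60 s are chosen for illustration, and the W-megabyte budget is approximated by a cap on the number of banned entries.

```python
import re
from collections import deque, OrderedDict
from datetime import datetime

# Client IP and bracketed timestamp of a combined-log-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (ip, epoch_seconds) for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return m.group("ip"), ts


class BadIpPool:
    """More than X requests in Y seconds -> 503 for Z seconds; at most W IPs remembered."""

    def __init__(self, max_requests, window_s, ban_s, max_entries):
        self.x, self.y, self.z, self.w = max_requests, window_s, ban_s, max_entries
        self.windows = {}            # ip -> deque of request times inside the last Y seconds
        self.banned = OrderedDict()  # ip -> ban expiry; insertion order = oldest ban first

    def observe(self, ip, ts):
        """Record one request; return True if it should be answered with a 503."""
        expiry = self.banned.get(ip)
        if expiry is not None:
            if ts < expiry:
                return True
            del self.banned[ip]            # Z seconds have passed: let the IP back in
        q = self.windows.setdefault(ip, deque())
        q.append(ts)
        while q and q[0] <= ts - self.y:   # drop requests that fell out of the Y window
            q.popleft()
        if len(q) > self.x:
            del self.windows[ip]
            self._ban(ip, ts + self.z)
            return True
        return False

    def _ban(self, ip, until):
        # Bounded pool: evict the oldest ban when full (an entry cap stands in for W MB).
        while len(self.banned) >= self.w:
            self.banned.popitem(last=False)
        self.banned[ip] = until

    def blocklist(self, now):
        """IPs currently banned, in a form a firewall-block script could consume."""
        return sorted(ip for ip, until in self.banned.items() if now < until)

    def prune(self, now):
        """Forget idle IPs so the per-IP windows do not grow without bound."""
        for ip in [ip for ip, q in self.windows.items() if not q or q[-1] <= now - self.y]:
            del self.windows[ip]
        for ip in [ip for ip, until in self.banned.items() if until <= now]:
            del self.banned[ip]


def replay(lines, pool):
    """Feed log lines through the pool; return the status each parsed request would get."""
    statuses = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts = parsed
        statuses.append(503 if pool.observe(ip, ts) else 200)
    return statuses


# Constructed sample log (TEST-NET addresses), not a real capture.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Nov/2010:10:30:00 +0300] "GET / HTTP/1.1" 200 612',
    '203.0.113.7 - - [05/Nov/2010:10:30:01 +0300] "GET / HTTP/1.1" 200 612',
    '203.0.113.7 - - [05/Nov/2010:10:30:02 +0300] "GET / HTTP/1.1" 200 612',
    '198.51.100.9 - - [05/Nov/2010:10:30:02 +0300] "GET /about HTTP/1.1" 200 1024',
    '203.0.113.7 - - [05/Nov/2010:10:30:03 +0300] "GET / HTTP/1.1" 200 612',
    '203.0.113.7 - - [05/Nov/2010:10:30:04 +0300] "GET / HTTP/1.1" 200 612',
    '203.0.113.7 - - [05/Nov/2010:10:30:05 +0300] "GET / HTTP/1.1" 200 612',
    '198.51.100.9 - - [05/Nov/2010:10:30:06 +0300] "GET /contact HTTP/1.1" 200 800',
    '203.0.113.7 - - [05/Nov/2010:10:30:30 +0300] "GET / HTTP/1.1" 200 612',
    '203.0.113.7 - - [05/Nov/2010:10:31:10 +0300] "GET / HTTP/1.1" 200 612',
]

if __name__ == "__main__":
    pool = BadIpPool(max_requests=5, window_s=10, ban_s=60, max_entries=1000)
    for status in replay(SAMPLE_LOG, pool):
        print(status)
```

The sixth request from 203.0.113.7 inside ten seconds trips the X threshold and the IP is served 503 until Z seconds later; the request at 10:31:10 arrives after the ban has expired and is served normally again. `blocklist()` is the piece a block script or an upstream ACL push would poll, and `prune()` keeps the per-IP state from growing under a flood of never-repeating sources.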