DDoS protection module suggestion

malte nginx-forum at nginx.us
Fri Nov 5 19:11:07 MSK 2010

unclepieman Wrote:
> Hey,
> Instead of a 503, i would redirect them
> localhost:81 and allow them to 
> validly themselves via captcha system in case its
> a false positive.
> Like above, if a host logs the same src_ip more
> than $x times in $xy 
> min, u should be moving the acl up the chain, your
> sub-distribution, 
> distribution cor or even edge routers.

It would be nice to have it configurable either way, but when you are
hit with a 50k bot attack and you have IPs requesting 50 pages per
second, you want to put them down immediately, not spend server time
serving them a dynamic captcha page.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,147105,148021#msg-148021

More information about the nginx mailing list