DDoS protection module suggestion

malte nginx-forum at nginx.us
Fri Nov 5 19:16:15 MSK 2010

> Maybe I could add extra variable like this:
> if ($limit_access_deny) {
>     add_header Location http://xxxx:81/;
>     return 302;
> }

Would work nicely.

> I think it's good to divide the determination from
> the Nginx. It's hard 
> to determine the IP by single Nginx whether is
> good or bad. Actually we 
> have 20+ reverse proxy Nginx servers in the front.
> Each Nginx doesn't 
> known others status. In our DDOS attack, the
> bad-IP's request rate is a 
> little higher than the normal request.
> We decide to collect the log together and analyze
> it. I don't know the 
> payload of log collection. Maybe it's too high. We
> have not done the 
> performance test yet. Or we should do log analysis
> distributed in each 
> server and then collect the results together.

Hms. In my set up, I have 3 machines each running nginx. They all have
their own public IP, and I simply let DNS round robin in the requests to
them. When I was hit, all machines were hit simultaneously, but the
individual bots attacking each targeted one machine only.
I take it you have some sort of load balancer in front that distributes
your incoming traffic differently from me?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,147105,148026#msg-148026

More information about the nginx mailing list