DDoS protection module suggestion
malte
nginx-forum at nginx.us
Fri Nov 5 19:16:15 MSK 2010
> Maybe I could add extra variable like this:
> if ($limit_access_deny) {
> add_header Location http://xxxx:81/;
> return 302;
> }
Would work nicely.
> I think it's good to divide the determination from
> the Nginx. It's hard
> to determine the IP by single Nginx whether is
> good or bad. Actually we
> have 20+ reverse proxy Nginx servers in the front.
> Each Nginx doesn't
> known others status. In our DDOS attack, the
> bad-IP's request rate is a
> little higher than the normal request.
>
> We decide to collect the log together and analyze
> it. I don't know the
> payload of log collection. Maybe it's too high. We
> have not done the
> performance test yet. Or we should do log analysis
> distributed in each
> server and then collect the results together.
Hms. In my set up, I have 3 machines each running nginx. They all have
their own public IP, and I simply let DNS round robin in the requests to
them. When I was hit, all machines were hit simultaneously, but the
individual bots attacking each targeted one machine only.
I take it you have some sort of load balancer in front that distributes
your incoming traffic differently from me?
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,147105,148026#msg-148026
More information about the nginx
mailing list