limit_req with IP whitelisting

LeMaitre nginx-forum at nginx.us
Wed Jul 6 22:43:52 MSD 2011


Hello Maxim,

I have tried and I got error 403.

http {
 ...
 geo $nolimit {
  default 0;
  10.0.0.0/24 1; # my network
  192.168.0.0/24 1; # my network
 }
 limit_req_zone $binary_remote_addr zone=ratezone:10m rate=5r/s;
 ...

 server {
  location / {
   error_page 418 = @nolimit;
   if ($nolimit) {
    return 418;
   }
   limit_req zone=ratezone burst=10 nodelay;
   index index.html index.php;
   if (!-f $request_filename) {
    rewrite ^/(.*)$ /index.php last;
   }
  }

 location @nolimit {
 }
...
}



Is it right?

My goal is to block/reduce some DDoS without disturbing the internal
subnet network.

P.S.: I'm using geoip to redirect some countries to a static file, but from
time to time there's some botnet in the allowed country.


Thanks in advance

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,211989,211991#msg-211991
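
An added example, not part of the original post and not the poster's configuration: one way to exempt the internal networks from limit_req without the error_page/named-location detour is to give exempt clients an empty zone key, since limit_req_zone does not account requests whose key is empty. The two networks are taken from the post (the second written in full as 192.168.0.0/24); the root path and the FastCGI backend address are assumptions.

```nginx
events {}

http {
    # 1 = subject to rate limiting, 0 = exempt (networks from the post)
    geo $limited {
        default        1;
        10.0.0.0/24    0;
        192.168.0.0/24 0;
    }

    # Exempt clients get an empty key; requests with an empty key
    # are not accounted by limit_req_zone, so they are never limited.
    map $limited $limit_key {
        0 "";
        1 $binary_remote_addr;
    }

    limit_req_zone $limit_key zone=ratezone:10m rate=5r/s;

    server {
        listen 80;
        root  /var/www/html;              # assumed document root
        index index.html index.php;

        # Applies to every location below, including the internal
        # redirect to /index.php; a request is counted only once.
        limit_req zone=ratezone burst=10 nodelay;

        location / {
            # Same effect as the post's "if (!-f ...) rewrite" fallback.
            try_files $uri $uri/ /index.php;
        }

        location ~ \.php$ {
            include       fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_pass  127.0.0.1:9000; # assumed PHP backend
        }
    }
}
```

Check the file with `nginx -t` before reloading. Because no request is diverted to a second location, whitelisted and limited clients go through the same content handling.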