how can I block the attack like this?

姚伟斌 nbubingo at gmail.com
Wed Sep 5 01:52:33 UTC 2012 

Try the limit_conn moule:
http://nginx.org/en/docs/http/ngx_http_limit_conn_module.html.

Or the limit_req module:
http://nginx.org/en/docs/http/ngx_http_limit_req_module.html.

2012/9/5 magic.drums at gmail.com <magic.drums at gmail.com>:
> I see that the documentation says it works only with older versions of nginx
> and according to what I see in the installation manual can be compiled with
> any version of nginx
>
> On Sep 4, 2012 9:49 PM, "fhal" <meteor8488 at 163.com> wrote:
>>
>> Thanks .
>> But it seems WAF can only support nginx which version is lower than 1.2.0.
>>
>>
>> At 2012-09-04 22:14:57,"magic.drums at gmail.com" <magic.drums at gmail.com>
>> wrote:
>>
>> what I see is that you want to block XSS attacks and code injection, that
>> is why I recommend a WAF
>>
>> Regards,
>>
>> On Tue, Sep 4, 2012 at 10:49 AM, Jaap van Arragon
>> <j.vanarragon at lukkien.com> wrote:
>>>
>>> Hi,
>>>
>>> If the user is coming from the same ip address you can block it in your
>>> iptables or firewall.
>>>
>>> Regards
>>>
>>>
>>>
>>> On 9/4/12 3:45 PM, "magic.drums at gmail.com" <magic.drums at gmail.com> wrote:
>>>
>>> Hi,
>>> WAF(http://code.google.com/p/naxsi/) at possible solution?
>>>
>>> Regards,
>>>
>>> On Tue, Sep 4, 2012 at 10:42 AM, fhal <meteor8488 at 163.com> wrote:
>>>
>>>  Hi all,
>>>
>>> Today my server was attacked. After checked Nginx access log, I found
>>> logs like below:
>>>
>>>
>>> 116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] "GET
>>> /member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186 "-" "-" "-"
>>>
>>> 116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] "GET
>>> /member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186 "-" "-" "-"
>>>
>>> 116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] "GET
>>> /member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186 "-" "-" "-"
>>>
>>>
>>>
>>> It seems the attacker was using some tool to attack my server. You can
>>> see that the user agent / browser version are blank.
>>>
>>> Due to I can't block the blank user agent (some web browser is using
>>> blank user agent, for example, UC), is there any way can I use to block this
>>> kind of attack?
>>>
>>>
>>>
>>> Thank
>>>
>>>
>>>
>>> _______________________________________________
>>> nginx mailing list
>>> nginx at nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> nginx mailing list
>>> nginx at nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>>
>>
>>
>> --
>> Victor Pereira
>>
>>
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

More information about the nginx mailing list