Do i need mod_security for nginx?

agriz nginx-forum at
Mon Oct 21 20:12:56 UTC 2013

Today i found one particular IP address which was trying a lot of things in
my server.

For a second, it was sending atleast 50 requests.
It was keep on accessing my admin login page with post and get request
That IP tried proxy GET http://...
It tried to inject something in the script with -d parameter.

i added "limit_req_zone  $binary_remote_addr  zone=app:10m   rate=2r/s; " in
http block and 
location / {
            limit_req   zone=app burst=50;

I believe it will block too many connections per second from a ip.
How do i secure the server from other attacks?


Posted at Nginx Forum:,243933,243933#msg-243933

More information about the nginx mailing list