Do i need mod_security for nginx?

Patrick Lists nginx-list at
Mon Oct 21 21:17:23 UTC 2013

On 10/21/2013 10:12 PM, agriz wrote:
> Today i found one particular IP address which was trying a lot of things in
> my server.
> For a second, it was sending atleast 50 requests.
> It was keep on accessing my admin login page with post and get request
> That IP tried proxy GET http://...
> It tried to inject something in the script with -d parameter.
> i added "limit_req_zone  $binary_remote_addr  zone=app:10m   rate=2r/s; " in
> http block and
> location / {
>              limit_req   zone=app burst=50;
> }
> I believe it will block too many connections per second from a ip.
> How do i secure the server from other attacks?

Have a look at fail2ban.


More information about the nginx mailing list