Blocking tens of thousands of IP's

mex nginx-forum at
Fri Nov 4 09:43:47 UTC 2016

Hi Eric, 

see my reply,270680,270757#msg-270757

we do a similar thing but keep a counter within nginx (lua_shared_dict FTW)
and export this stuff via /badass - location. 

although its not realtime we have a delay of 5 sec which is enough for us



Cox, Eric S Wrote:
> Currently we track all access logs realtime via an in house built log
> aggregation solution. Various algorithms are setup to detect said IPS
> whether it be by hit rate, country, known types of attacks etc. These
> IPS are typically identified within a few mins and we reload to banned
> list every 60 seconds. We just moved some services from apache where
> we were doing this without any noticable performance impact. Have this
> working in nginx but was looking for general suggestion on how to
> optimize if at all possible.

Posted at Nginx Forum:,270680,270758#msg-270758

More information about the nginx mailing list