Blocking tens of thousands of IP's

mex nginx-forum at forum.nginx.org
Fri Nov 4 09:43:47 UTC 2016


Hi Eric, 


see my reply https://forum.nginx.org/read.php?2,270680,270757#msg-270757

we do a similar thing but keep a counter within nginx (lua_shared_dict FTW)
and export this stuff via /badass - location. 

although its not realtime we have a delay of 5 sec which is enough for us




cheers, 


mex





Cox, Eric S Wrote:
-------------------------------------------------------
> Currently we track all access logs realtime via an in house built log
> aggregation solution. Various algorithms are setup to detect said IPS
> whether it be by hit rate, country, known types of attacks etc. These
> IPS are typically identified within a few mins and we reload to banned
> list every 60 seconds. We just moved some services from apache where
> we were doing this without any noticable performance impact. Have this
> working in nginx but was looking for general suggestion on how to
> optimize if at all possible.
>

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,270680,270758#msg-270758



More information about the nginx mailing list