Blocking tens of thousands of IP's

Jonathan Vanasco nginx at 2xlp.com
Tue Nov 8 18:28:20 UTC 2016


On Nov 4, 2016, at 5:43 AM, mex wrote:

> we do a similar thing but keep a counter within nginx (lua_shared_dict FTW)
> and export this stuff via /badass - location. 
> 
> although its not realtime we have a delay of 5 sec which is enough for us


We have a somewhat similar setup under openresty/nginx, but for some different purposes -- I imagine it would transition nicely to this though.  

We use lua_shared_dict as a read-through cache on each nginx node, with lookups failing over to a central Redis server on the LAN.   A small python app manages the Redis server, and each nginx server has an internal api (LAN only access, written in lua) that can flush, prime, or add/delete items to the shared dict as needed.  the python app runs on-demand, and also at intervals to reformat internal data for Redis and nginx.   

this may sound like a lot, but it only took a few hours to get it working and it was much easier to have Redis+Python broker the information between nginx and internal systems than to have them talk directly to one another.


More information about the nginx mailing list