444 return code and rate limiting

lists at lazygranch.com lists at lazygranch.com
Tue Sep 27 16:44:16 UTC 2016

I pulled this off the rate limiting thread since I think the 444 return is a good topic all on its own.

"But under a DoS attack I always feel those values would be better being
"444" since the server won't respond and cut's the connection rather than
waste bandwidth on a client who is opening and closing connections fast as a

Looking at the times in my nginx access.log, I don't believe any connection is cut. Rather nginx just doesn't respond. A browser will wait an appropriate amount of time before it decides there is no response, but the code from the hackers just keeps hammering the server. 

What I don't know is if the 444 return effects the nginx rate limiting coding since you have effectively not returned anything, so what is there to limit?

The experiment would be to hammer your webserver from the server itself rather than over the Internet, and see if it does get rate limited. That would take network losses out of the picture. 

When I get a chance, I'm going to pastebin the logs from that attack I got from the Hong Kong server so the times can be seen. 

More information about the nginx mailing list