Nginx Auth Module auth_basic and Flooding/DoS/DDoS

c0nw0nk nginx-forum at
Thu Jul 6 06:19:09 UTC 2017

Here is my config :

http {

limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
limit_conn_zone $binary_remote_addr zone=addr:10m;

server {

location /secured/ {

auth_basic "secured area";
auth_basic_user_file conf/htpasswd;

limit_req zone=one burst=5;
limit_conn addr 1;



My question is with the nginx auth module should i still need to protect
that area from flooding / ddos or will the auth module denying access be

Would like to know how well the auth module processes and does compared to
the limit_req or limit_conn module and if i should keep those in my
configuration or remove them since the auth module could be already doing
all the work.

Posted at Nginx Forum:,275321,275321#msg-275321

More information about the nginx mailing list