<html><head><meta http-equiv="Content-Security-Policy" content="script-src 'self'; img-src * cid: data:;"></head><body style="background-color: rgb(255, 255, 255); background-image: initial; line-height: initial;"><div id="response_container_BBPPID" style="outline:none;font-size:initial;font-family:"Calibri","Slate Pro",sans-serif,"sans-serif"" dir="auto" contenteditable="false"> <div name="BB10" dir="auto" style="width: 100%; padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);">I don't know about iptables, but you can limit port 80 and 443 with ipfw. I run mine at 10 per IP. I've had corporations behind NAT trigger lesser limits. My point being you don't have to parse the log (swatch). </div><div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width: 100%; padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"><br></div><div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width: 100%; padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"><br></div>                                                                                                                                      <div name="BB10" dir="auto" style="width: 100%; padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"> <br style="display:initial"></div>                            <div id="blackberry_signature_BBPPID" name="BB10" dir="auto">     <div name="BB10" dir="auto" style="padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"></div> </div></div><div id="_original_msg_header_BBPPID" dir="auto">                                                                                                                                             <table width="100%" style="background-color: white; border-spacing: 0px; display: table; outline: none;" contenteditable="false"> <tbody><tr><td colspan="2" style="padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);">                           <div style="border-right: none; border-bottom: none; border-left: none; border-image: initial; border-top: 1pt solid rgb(181, 196, 223); padding: 3pt 0in 0in; font-family: Tahoma, "BB Alpha Sans", "Slate Pro"; font-size: 10pt;">  <div id="from"><b>From:</b> anoopalias01@gmail.com</div><div id="sent"><b>Sent:</b> August 1, 2017 8:26 PM</div><div id="to"><b>To:</b> nginx@nginx.org</div><div id="reply_to"><b>Reply-to:</b> nginx@nginx.org</div><div id="subject"><b>Subject:</b> Re: nginx limit_req and limit_conn not working to prevent DoS attack</div></div></td></tr></tbody></table><div style="border-right: none; border-bottom: none; border-left: none; border-image: initial; border-top: 1pt solid rgb(186, 188, 209); display: block; padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"></div> <br> </div><!--start of _originalContent --><div name="BB10" dir="auto" style="background-image: initial; line-height: initial; outline: none;" contenteditable="false"><div dir="ltr">You can use an external tool to parse Nginx error log and block the IP in iptables/netfilter </div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 2, 2017 at 7:43 AM, Phani Sreenivasa Prasad <span dir="ltr"><<a href="mailto:nginx-forum@forum.nginx.org">nginx-forum@forum.nginx.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 0.8ex;border-left:1px #ccc solid;padding-left:1ex">I assume it would help dropping connections . since we are setting rate<br>
limit per ip and any client IP which is suspicious by sending requests in<br>
bulk(lets say 10000 connections/requests), it makes sense to not to accept<br>
connections/requests from that IP.<br>
<br>
Thoughts ??<br>
<br>
Posted at Nginx Forum: <a href="https://forum.nginx.org/read.php?2,275796,275798#msg-275798">https://forum.nginx.org/read.<wbr>php?2,275796,275798#msg-275798</a><br>
<div class="HOEnZb"><div class="h5"><br>
______________________________<wbr>_________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx">http://mailman.nginx.org/<wbr>mailman/listinfo/nginx</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><b>Anoop P Alias</b> <div><br></div></div></div></div>
</div>
<!--end of _originalContent --></div></body></html>