Preventing DOS?
Neil Sheth
nsheth at gmail.com
Mon Mar 3 04:46:31 MSK 2008
Thanks! Any suggestions on good tools to look at instead?
On Sun, Mar 2, 2008 at 2:41 PM, eliott <eliott at cactuswax.net> wrote:
>
> On 3/1/08, Neil Sheth <nsheth at gmail.com> wrote:
> > Hello -
> >
> > I'm looking at ways to prevent / mitigate DOS attacks, hopefully at
> > the nginx level (using it as a reverse proxy). I see the limit zone
> > module - is this sufficient? What are some reasonable values for
> > max_clients_per_ip? Is there anything similar to apache's mod_evasive
> > module? Or other suggested mechanisms?
> >
> > Thanks!
>
> I wouldn't think that layer 7 is a good place to attempt DOS
> mitigation. If you have some high computation scripts that people
> might try to overload your server by hitting repeated (service
> overload), then maybe.. but if you are talking about a 'classic'
> network based DOS, then probably not.
>
> By that time, the system would effectively be inundated with enough
> network connections to have problems with service anyway.
>
>
More information about the nginx
mailing list