limit_conn - block offending ips
piramida
nginx-forum at nginx.us
Thu Aug 12 19:15:00 MSD 2010
Hi forum and thanks Igor for the most amazing software;
now I have spent some time looking for a way to make use of the
limit_conn directive to block offending ip addresses, but can't seem to
figure out a way to do so.
Is there a possibility to check, inside nginx.conf, for
$limit_conn_triggered or something like that? Use case - I am protecting
a backend server with limit_conn zone_name 2; and want to collect ips
that violate that limit for blocking in the firewall. Parsing logs is a
possible but extremely ineffective solution, especially under a DDOS, so
I was looking for a way to either block violators using nginx
configuration or emit the ip address to iptables/apf/etc.
Currently I can only deny parallel requests or limit_req them, which
surely does increase the number of attackers needed to kill the server
but does not solve the problem. Somehow, I feel there should be a
solution (nginx module or directive I'm missing) which could ban based
on triggered limit_conn. Thanks for any tips :)
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,119081,119081#msg-119081
More information about the nginx
mailing list