DDoS protection module suggestion
ken107
nginx-forum at nginx.us
Sun Dec 26 12:49:01 MSK 2010
My friend's website promoting freedom of speech in communist Vietnam has
recently been brought down by a 400k+ IP DDOS launched affirmatively by
a government-sponsored cyber army. I've been asked for some ideas, and
have had some experience warding off some minor DDOS on my own
non-political website.
Anyway, I've read this great discussion thread and came up with an idea
that I think might work, especially for us individual webmasters who
can't afford large distributed networks that can absorb such massive
attacks. It is as follows, please let me know your thoughts:
1. Use iptables to redirect all traffic to reCaptcha validation page
- reCaptcha generation is handled by Google's distributed network
designed to withstand DDOS
- the reCaptcha validation page is therefore a static page and does not
weigh down your server's processing power
2. Once validated, the IP is added to iptables Allow list, and the user
is redirected back to homepage
- entries that have been idle for some time should be removed from the
list
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,147105,161145#msg-161145
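
One way to express the scheme proposed above as firewall rules, added here as an example and not part of the original post. It assumes ipset is available alongside iptables; the set name `captcha_ok`, the captcha page on port 8080 and the 30-minute idle timeout are hypothetical choices. The functions only print commands, so nothing changes until the output is run as root.

```shell
#!/bin/sh
# Added example: captcha-gated allow list built on ipset + iptables.
# Assumed values (not from the post): set name, ports, idle timeout.
SET_NAME="captcha_ok"   # hypothetical name for the set of validated IPs
WEB_PORT=80             # port the real site listens on
CAPTCHA_PORT=8080       # hypothetical port serving the static captcha page
IDLE_SECS=1800          # idle entries leave the set after this many seconds

# Print the one-time setup. Review the output, then pipe it to `sh` as root.
gate_rules() {
    # Every entry in the set carries its own expiry timer.
    echo "ipset create $SET_NAME hash:ip timeout $IDLE_SECS -exist"
    # Validated clients: each packet re-adds the source with --exist, which
    # resets the timer, so only idle entries expire (step 2 of the post).
    echo "iptables -t mangle -A PREROUTING -p tcp --dport $WEB_PORT -m set --match-set $SET_NAME src -j SET --add-set $SET_NAME src --exist"
    # Everyone else: new connections are redirected to the captcha page
    # (step 1). The nat table only sees the first packet of a connection.
    echo "iptables -t nat -A PREROUTING -p tcp --dport $WEB_PORT -m set ! --match-set $SET_NAME src -j REDIRECT --to-ports $CAPTCHA_PORT"
}

# Print the command the captcha validator would run for a verified client.
# The address reaches a privileged command, so anything that is not a plain
# dotted-quad IPv4 address is rejected (non-zero return, no output).
allow_cmd() {
    ip=$1
    case "$ip" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip              # split into octets; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac   # no leading zeros
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    echo "ipset add $SET_NAME $ip timeout $IDLE_SECS -exist"
}
```

Because only new connections traverse the nat table, a client validated over a keep-alive connection reaches the real site on its next connection, not the current one.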