DDoS protection module suggestion
Weibin Yao
nbubingo at gmail.com
Mon Dec 27 05:25:54 MSK 2010
ken107 at 2010-12-26 17:49 wrote:
> My friend's website promoting freedom of speech in communist Vietnam has
> recently been brought down by a 400k+ IP DDOS launched affirmatively by
> a government-sponsored cyber army. I've been asked for some ideas, and
> have had some experienced warding off some minor DDOS on my own
> non-political website.
>
> Anyway, I've read this great discussion thread and came up with an idea
> that I think might work, especially for us individual webmasters who
> can't afford large distributed networks that can absorb such massive
> attacks. It is as follows, please let me know your thoughts:
>
> 1. Use iptables to redirect all traffic to reCaptcha validation page
> - reCaptcha generation is handled by Google's distributed network
> designed to withstand DDOS
> - the reCaptcha validation page is therefore a static page and does not
> weigh down your server's processing power
>
> 2. Once validated, the IP is added to iptables Allow list, and the user
> is redirected back to homepage
> - entries that have been idle for some time should be removed from the
> list
>
>
You also can use my nginx_secure_cookie_module(https:
//github.com/yaoweibin/nginx_secure_cookie_module)to add some secure
cookie after reCaptcha validation.
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,147105,161145#msg-161145
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx
>
>
--
Weibin Yao
More information about the nginx
mailing list