Protection against massiv requests from single server / ip
Alexander Kunz
adk1601 at gmx.de
Mon Feb 1 19:30:55 MSK 2010
Hello Jim,
thanks for your help. I am right that HttpLimitReq and HttpLimitZone is a per user limit? Every client (ip) get this limit and not all client together?
Is $binary_remote_addr the right value if my nginx is behind haproxy? Or must i use something like X-Real-IP, i am not sure how i can debug what $binary_remote_addr includes behind haproxy, perhaps it is the haproxy ip and not the clients ip address?
Kind regards
-------- Original-Nachricht --------
> Datum: Sun, 31 Jan 2010 02:46:32 -0500
> Von: Jim Ohlstein <jim at ohlste.in>
> An: nginx at nginx.org
> Betreff: Re: Protection against massiv requests from single server / ip
> On 1/31/10 2:36 AM, adk1601 at gmx.de wrote:
> > Hello Nginx community,
> >
> > what is the best way protecting my nginx webserver against massiv
> request from single server/ips? I made some tests with openload and see one
> server with openload can fill the whole 100Mbit connection to my server.
> >
>
> http://wiki.nginx.org/NginxHttpLimitReqModule
>
> http://wiki.nginx.org/NginxHttpLimitZoneModule
>
> These should do the trick for you.
>
>
> --
> Jim Ohlstein
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx
--
GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT!
Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01
More information about the nginx
mailing list