Protection against massiv requests from single server / ip

Alexander Kunz adk1601 at gmx.de
Mon Feb 1 19:30:55 MSK 2010


Hello Jim,

thanks for your help. I am right that HttpLimitReq and HttpLimitZone is a per user limit? Every client (ip) get this limit and not all client together?

Is $binary_remote_addr the right value if my nginx is behind haproxy? Or must i use something like X-Real-IP, i am not sure how i can debug what $binary_remote_addr includes behind haproxy, perhaps it is the haproxy ip and not the clients ip address?

Kind regards



-------- Original-Nachricht --------
> Datum: Sun, 31 Jan 2010 02:46:32 -0500
> Von: Jim Ohlstein <jim at ohlste.in>
> An: nginx at nginx.org
> Betreff: Re: Protection against massiv requests from single server / ip

> On 1/31/10 2:36 AM, adk1601 at gmx.de wrote:
> > Hello Nginx community,
> >
> > what is the best way protecting my nginx webserver against massiv
> request from single server/ips? I made some tests with openload and see one
> server with openload can fill the whole 100Mbit connection to my server.
> >
> 
> http://wiki.nginx.org/NginxHttpLimitReqModule
> 
> http://wiki.nginx.org/NginxHttpLimitZoneModule
> 
> These should do the trick for you.
> 
> 
> -- 
> Jim Ohlstein
> 
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx

-- 
GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT!
Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01



More information about the nginx mailing list