DDoS protection module suggestion

Weibin Yao nbubingo at gmail.com
Fri Nov 5 05:18:13 MSK 2010


malte at 2010-11-5 3:47 wrote:
> Redd Vinylene Wrote:
> -------------------------------------------------------
>   
>> Just real quick:
>>
>> What about one of the BSDs and pf? The latter is
>> said to be the world's best
>> firewall. Real elegant syntax too:
>>
>> block quick from 
>>
>> pass in on $ext_if inet proto tcp from any to any
>> port 80 keep state
>> (max-src-conn 100, max-src-conn-rate 15/5,
>> overload  flush
>> global)
>>
>> That takes care of all my DDoS protection needs.
>> Some of y'all mentioned big
>> guns though, I don't know about that.
>>     
>
> OpenBSDs PF is indeed the worlds finest software based firewall, I'll be
> the first to say. I think Linux should throw out IP tables and go for a
> PF port, but I digress.
>
> I haven't tried mitigating a big DDoS with PF, and I don't know if it
> would fare any better once it has say 50k individual IPs to block. But
> to me that is kind of beside the point. If I am not mistaken, a well
> written nginx module would be the immensely helpful when faced with the
> kind of DDoS I had on me last week.
>
> If I can't find anyone interested in writing it I might have a whack at
> it myself next time I get some spare time.
>   
We are facing the similar DDOS situation to you. I'm developing a module 
which can deny the individual IPs. The module can get the IPs with a 
POST request from a commander server in the intranet. If you have some 
suggestions, you can contact to me.

The module will be here: 
https://github.com/yaoweibin/nginx_limit_access_module, but I need some 
more days to finish it.
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,147105,147721#msg-147721
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx
>
>   


-- 
Weibin Yao




More information about the nginx mailing list