DDoS protection module suggestion

Weibin Yao nbubingo at gmail.com
Fri Nov 5 08:03:08 MSK 2010


Payam Chychi at 2010-11-5 12:03 wrote:
> Weibin,
>
> whats your email? ill contact you with a few things
yaoweibin AT gmail.com
> cheers
> Payam
>
> Weibin Yao wrote:
>> malte at 2010-11-5 3:47 wrote:
>>> Redd Vinylene Wrote:
>>> -------------------------------------------------------
>>>  
>>>> Just real quick:
>>>>
>>>> What about one of the BSDs and pf? The latter is
>>>> said to be the world's best
>>>> firewall. Real elegant syntax too:
>>>>
>>>> block quick from
>>>> pass in on $ext_if inet proto tcp from any to any
>>>> port 80 keep state
>>>> (max-src-conn 100, max-src-conn-rate 15/5,
>>>> overload  flush
>>>> global)
>>>>
>>>> That takes care of all my DDoS protection needs.
>>>> Some of y'all mentioned big
>>>> guns though, I don't know about that.
>>>>     
>>>
>>> OpenBSDs PF is indeed the worlds finest software based firewall, 
>>> I'll be
>>> the first to say. I think Linux should throw out IP tables and go for a
>>> PF port, but I digress.
>>>
>>> I haven't tried mitigating a big DDoS with PF, and I don't know if it
>>> would fare any better once it has say 50k individual IPs to block. But
>>> to me that is kind of beside the point. If I am not mistaken, a well
>>> written nginx module would be the immensely helpful when faced with the
>>> kind of DDoS I had on me last week.
>>>
>>> If I can't find anyone interested in writing it I might have a whack at
>>> it myself next time I get some spare time.
>>>   
>> We are facing the similar DDOS situation to you. I'm developing a 
>> module which can deny the individual IPs. The module can get the IPs 
>> with a POST request from a commander server in the intranet. If you 
>> have some suggestions, you can contact to me.
>>
>> The module will be here: 
>> https://github.com/yaoweibin/nginx_limit_access_module, but I need 
>> some more days to finish it.
>>> Posted at Nginx Forum: 
>>> http://forum.nginx.org/read.php?2,147105,147721#msg-147721
>>>
>>>
>>> _______________________________________________
>>> nginx mailing list
>>> nginx at nginx.org
>>> http://nginx.org/mailman/listinfo/nginx
>>>
>>>   
>>
>>
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx
>


-- 
Weibin Yao




More information about the nginx mailing list