DDoS protection module suggestion
姚伟斌
nbubingo at gmail.com
Sat Nov 6 04:45:19 MSK 2010
2010/11/6 malte <nginx-forum at nginx.us>
> > Maybe I could add extra variable like this:
> > if ($limit_access_deny) {
> > add_header Location http://xxxx:81/;
> > return 302;
> > }
>
> Would work nicely.
>
> > I think it's good to divide the determination from
> > the Nginx. It's hard
> > to determine the IP by single Nginx whether is
> > good or bad. Actually we
> > have 20+ reverse proxy Nginx servers in the front.
> > Each Nginx doesn't
> > known others status. In our DDOS attack, the
> > bad-IP's request rate is a
> > little higher than the normal request.
> >
> > We decide to collect the log together and analyze
> > it. I don't know the
> > payload of log collection. Maybe it's too high. We
> > have not done the
> > performance test yet. Or we should do log analysis
> > distributed in each
> > server and then collect the results together.
>
> Hms. In my set up, I have 3 machines each running nginx. They all have
> their own public IP, and I simply let DNS round robin in the requests to
> them. When I was hit, all machines were hit simultaneously, but the
> individual bots attacking each targeted one machine only.
> I take it you have some sort of load balancer in front that distributes
> your incoming traffic differently from me?
>
Yes,we use LVS in front of Nginx as the load banlancer.
>
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,147105,148026#msg-148026
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20101106/b9aadeb5/attachment.html>
More information about the nginx
mailing list