limit_req with IP whitelisting
LeMaitre
nginx-forum at nginx.us
Wed Jul 6 22:43:52 MSD 2011
Hello Maxim,
I have tried and I got error 403.
http {
...
geo $nolimit {
default 0;
10.0.0.0/24 1; # my network
192.168.0/24 1; #my network
}
limit_req_zone $binary_remote_addr zone=ratezone:10m rate=5r/s;
...
server {
location / {
error_page 418 = @nolimit;
if ($nolimit) {
return 418;
}
limit_req zone=ratezone burst=10 nodelay;
index.html index.php;
if (!-f $request_filename) {
rewrite ^/(.*)$ /index.php last;
}
}
location @nolimit {
}
...
}
Is it right?
My goal is to block/reduce some DDoS without disturbing the internal
subnet network.
P.S: I'm using geoip to redirect some country to a static file but from
time to time there's some botnet on the allowed county.
Thanks in advance
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,211989,211991#msg-211991
More information about the nginx
mailing list