limit_req with IP whitelisting

António P. P. Almeida appa at perusio.net
Wed Jul 6 23:01:12 MSD 2011


On 6 Jul 2011 19h43 WEST, nginx-forum at nginx.us wrote:

It seems that's got nothing to do with Maxim's suggestion but with
your (apparent) lack of configuration for serving PHP files. What type
of upstream are you using:

1. Apache with mod_php?

2. php-fpm or php-cgi?

Also your block:

   if (!-f $request_filename) {
    rewrite ^/(.*)$ /index.php last;
   }

is a deprecated way of routing the request. Use try_files. Also, since
you're not using the captured pattern, why the capture?

See: http://wiki.nginx.org/HttpCoreModule#try_files

--- appa



> Hello Maxim,
>
> I have tried and I got error 403.
>
> http {
> ...
> geo $nolimit {
> default 0;
> 10.0.0.0/24 1; # my network
> 192.168.0.0/24 1;  # my network
> }
> limit_req_zone $binary_remote_addr zone=ratezone:10m rate=5r/s;
> ...
>
> server {
> location / {
> error_page 418 = @nolimit;
> if ($nolimit) {
> return 418;
> }
> limit_req zone=ratezone burst=10 nodelay;
> index index.html index.php;
> if (!-f $request_filename) {
> rewrite ^/(.*)$ /index.php last;
> }
> }
>
> location @nolimit {
> }
> ...
> }
>
>
>
> Is it right?
>
> My goal is to block/reduce some DDoS without disturbing the internal
> subnet network.
>
> P.S: I'm using geoip to redirect some country to a static file but
> from time to time there's some botnet on the allowed country.
>
>
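
An added example, not part of either message: one way to exempt the internal networks from limit_req while routing through try_files as the reply suggests. It swaps the 418/@nolimit redirect for an empty rate-limit key (nginx does not account requests whose limit_req_zone key is empty), so the limit is set once at server level and still applies after the internal redirect to /index.php. The php-fpm address, the document root, and the $limit_key variable name are assumptions.

```nginx
events {}

http {
    # 1 = internal network, exempt from rate limiting (networks from the thread,
    # written in full four-octet form)
    geo $nolimit {
        default        0;
        10.0.0.0/24    1;
        192.168.0.0/24 1;
    }

    # Whitelisted clients get an empty key; requests with an empty key are not
    # counted against the zone. Everyone else is keyed by client address.
    # $limit_key is a name chosen for this example.
    map $nolimit $limit_key {
        1 "";
        0 $binary_remote_addr;
    }

    limit_req_zone $limit_key zone=ratezone:10m rate=5r/s;

    server {
        listen 80;
        root   /var/www/example;          # assumption: placeholder document root
        index  index.html index.php;

        # Declared at server level so every location inherits it, including
        # the PHP location reached by try_files' internal redirect.
        limit_req zone=ratezone burst=10 nodelay;

        location / {
            # Replaces: if (!-f $request_filename) { rewrite ^/(.*)$ /index.php last; }
            try_files $uri $uri/ /index.php;
        }

        location ~ \.php$ {
            try_files $uri =404;          # do not hand nonexistent scripts to PHP
            include       fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_pass  127.0.0.1:9000; # assumption: php-fpm listening locally
        }
    }
}
```

Check the syntax with `nginx -t` before reloading.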


