block dos attack nginx behind cloudflare and loadbalancer

Andrew Alexeev andrew at
Wed Mar 28 08:53:20 UTC 2012


On Mar 28, 2012, at 11:34 AM, ilmetu wrote:

> i have 4 webserver behind cloudflare and a loadbalancer, nginx is the
> web browser, php-fpm manage the php pages. i don't know how to block a
> simple dos attack ...
> i'm able to detect this attack by use the http_limit_req module from
> nginx
> but this is not block the attack at all, yes can mitigate but webservers
> are hit and hit again, and php-fpm goes to 80% and in a minute the
> website is unreachable.
> i'm trying to find a way to block this kind of request.
> i know how to block certain ip address or certain useragent with nginx
> but i want to do it automatically. I think that i cannot block the ip
> with iptables because the request come from the loadbalancer :( but i'm
> still able to detect the correct ip address with the set_real_ip_from
> and real_ip_header X-Forwarded-For with nginx.
> i have the log file (error.log) filled with the correct ip address as
> you can see:
> 2012/03/27 18:34:02 [error] 31234#0: *1283 limiting connections by zone
> "staging", client: XX.XX.XX.XXX, server:, request: "HEAD
> /it HTTP/1.1", host: ""
> Someone have an idea and can teach me how to block automatically this
> ip?

Can you show your limit_conn/limit_req configuration?

> thanks in advance!
> Posted at Nginx Forum:,224517,224517#msg-224517
> _______________________________________________
> nginx mailing list
> nginx at

More information about the nginx mailing list