some sort of attack?

Jonathan Matthews contact at jpluscplusm.com
Sat Mar 16 10:06:17 UTC 2013


On 16 March 2013 09:34, Praveen Yarlagadda <praveen.yarlagadda at gmail.com> wrote:
> Hi,
>
> I installed nginx on an EC2 instance. After a few hours, I started getting
> repeated requests from a set of servers. I tried using limit_req with the
> following options:
>
> limit_req_zone $binary_remote_addr zone=ratezone:10m rate=3r/s;
> limit_req zone=ratezone burst=5 nodelay;
>
> But I found that it is not effective. If you take a look at the following
> access_log content, you would notice that the IP addresses are different. I
> don't see more than 3 requests in a sec. Another weird thing is GET requests
> are starting with "http://". I never saw it before. Is there any way I can
> filter requests or possibly throw 503?

How about

location http:// {
  access_log off;
  return 444;
}

Jonathan
-- 
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html
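
Added example, not part of either message above: a Python script that parses access-log lines to flag clients sending the absolute-form "http://" request targets described in the question, and to show why a limit_req zone keyed on $binary_remote_addr does not trigger when the requests are spread across many addresses. The log lines are constructed samples in nginx's combined format using documentation IP ranges; the function name analyze is an assumption.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in nginx "combined" log format (not from the thread).
SAMPLE_LOG = """\
192.0.2.10 - - [16/Mar/2013:09:00:01 +0000] "GET http://example.com/ HTTP/1.1" 200 612 "-" "-"
198.51.100.7 - - [16/Mar/2013:09:00:01 +0000] "GET http://example.org/a HTTP/1.1" 200 612 "-" "-"
203.0.113.5 - - [16/Mar/2013:09:00:01 +0000] "GET http://example.net/b HTTP/1.0" 200 612 "-" "-"
198.51.100.8 - - [16/Mar/2013:09:00:01 +0000] "GET http://example.com/d HTTP/1.1" 200 612 "-" "-"
192.0.2.10 - - [16/Mar/2013:09:00:02 +0000] "GET http://example.com/c HTTP/1.1" 200 612 "-" "-"
192.0.2.99 - - [16/Mar/2013:09:00:02 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3}) '
)
# A request target that starts with a URI scheme is in absolute form,
# which is what a client sends when it treats the server as a forward proxy.
ABSOLUTE_FORM = re.compile(r'^[a-z][a-z0-9+.-]*://', re.IGNORECASE)

def analyze(log_text, rate_limit=3):
    """Return (flagged clients, peak per-IP req/s, IPs over rate_limit, peak total req/s)."""
    flagged = Counter()      # ip -> number of absolute-form requests
    per_ip_sec = Counter()   # (ip, second) -> requests
    per_sec = Counter()      # second -> requests from all clients
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        per_ip_sec[(m["ip"], ts)] += 1
        per_sec[ts] += 1
        if ABSOLUTE_FORM.match(m["target"]):
            flagged[m["ip"]] += 1
    peak_ip = max(per_ip_sec.values(), default=0)
    over = sorted({ip for (ip, _), n in per_ip_sec.items() if n > rate_limit})
    return dict(flagged), peak_ip, over, max(per_sec.values(), default=0)

if __name__ == "__main__":
    flagged, peak_ip, over, peak_total = analyze(SAMPLE_LOG)
    print("absolute-form requests per client:", flagged)
    print("peak req/s for one IP:", peak_ip, "| IPs over 3r/s:", over)
    print("peak req/s across all IPs:", peak_total)
```

On the sample data no single address exceeds 3 requests per second, so a per-address zone never rejects anything, while the total across addresses does exceed it.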


