Blocking tens of thousands of IP's

lists at lists at
Tue Nov 1 22:47:08 UTC 2016

  Original Message  
From: Cox, Eric S
Sent: Tuesday, November 1, 2016 3:35 PM
To: nginx at
Reply To: nginx at
Subject: RE: Blocking tens of thousands of IP's

Currently we track all access logs realtime via an in house built log aggregation solution. Various algorithms are setup to detect said IPS whether it be by hit rate, country, known types of attacks etc. These IPS are typically identified within a few mins and we reload to banned list every 60 seconds. We just moved some services from apache where we were doing this without any noticable performance impact. Have this working in nginx but was looking for general suggestion on how to optimize if at all possible. 

You would have to reload/restart nginx to block dynamically.  That alone might be the CPU hit. 

More information about the nginx mailing list