Blocking tens of thousands of IP's

lists at lazygranch.com lists at lazygranch.com
Tue Nov 1 22:47:08 UTC 2016


‎
  Original Message  
From: Cox, Eric S
Sent: Tuesday, November 1, 2016 3:35 PM
To: nginx at nginx.org
Reply To: nginx at nginx.org
Subject: RE: Blocking tens of thousands of IP's

Currently we track all access logs realtime via an in house built log aggregation solution. Various algorithms are setup to detect said IPS whether it be by hit rate, country, known types of attacks etc. These IPS are typically identified within a few mins and we reload to banned list every 60 seconds. We just moved some services from apache where we were doing this without any noticable performance impact. Have this working in nginx but was looking for general suggestion on how to optimize if at all possible. 
-----------

You would have to reload/restart nginx to block dynamically.  That alone might be the CPU hit. 
‎




More information about the nginx mailing list