Blocking tens of thousands of IP's
mex
nginx-forum at forum.nginx.org
Fri Nov 4 09:37:43 UTC 2016
Lucas Rolff Wrote:
-------------------------------------------------------
> You could very well do a small ipset together with iptables, it's
> fast,
> and you don't have to reload for every subnet / ip you add.
we had the very same issue, 40k IPs to block daily and we came up
with ipset add / del which is fast as hell and has a build-in TTL
if you have a huge and dynamic set of ips to be blocked
this is the way you should go
cheers,
mex
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,270680,270757#msg-270757
More information about the nginx
mailing list