Blocking tens of thousands of IP's
mex
nginx-forum at forum.nginx.org
Fri Nov 4 09:43:47 UTC 2016
Hi Eric,
see my reply https://forum.nginx.org/read.php?2,270680,270757#msg-270757
we do a similar thing but keep a counter within nginx (lua_shared_dict FTW)
and export this stuff via /badass - location.
although its not realtime we have a delay of 5 sec which is enough for us
cheers,
mex
Cox, Eric S Wrote:
-------------------------------------------------------
> Currently we track all access logs realtime via an in house built log
> aggregation solution. Various algorithms are setup to detect said IPS
> whether it be by hit rate, country, known types of attacks etc. These
> IPS are typically identified within a few mins and we reload to banned
> list every 60 seconds. We just moved some services from apache where
> we were doing this without any noticable performance impact. Have this
> working in nginx but was looking for general suggestion on how to
> optimize if at all possible.
>
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,270680,270758#msg-270758
More information about the nginx
mailing list