Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

c0nw0nk nginx-forum at forum.nginx.org
Tue Sep 13 09:51:36 UTC 2016


gariac Wrote:
-------------------------------------------------------
> I'm assuming at this point if cookies are too much, then logins or
> captcha aren't going to happen. 
> 
> How about just blocking the offending websites at the firewall? I'm
> assuming you see the proxy and not the eyeballs at the ISP. 
> 
> I have my hacker detection schemes in nginx. I flag the clowns, yank
> the IPs every day or so, and block the IP space of any VPS, colo, etc.
> I have blocked so much of the hacker IP space that I can go days
> before finding a new VPS/etc to feed the firewall. Amazon, Google
> hosting, Rackspace, Linode, Digital Ocean, Soft layer and especially
> Ubiquity/Nobis is probably 3/4 of the clowns. Machines are not
> eyeballs, or in your case, ear canals. Block 'em. 
> 
> Oh yeah, I block Cloud Flare.

That is really excessive / over the top and holds the potential to block
legitimate traffic. Besides, with the service Cloudflare offers they are fine,
but it is very unknown how they handle these kinds of fake proxy requests and
how many connections / limits on requests per second they allow from them.

Since you say you are building yourself a blacklist, perhaps you will like
this (especially those who are blocked for infinity):
https://en.wikipedia.org/wiki/Wikipedia:Database_reports/Range_blocks


My solution in my first post will work and is decent for what I want to
achieve. I really want to know what the "$binary_" is and if I should use
that instead in my "limit_req" and "limit_conn" fields.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,269502,269510#msg-269510
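As an added example (not code from the original post or from its author), this is how $binary_remote_addr is normally combined with limit_req / limit_conn when the site sits behind Cloudflare. The goes-in-http{} fragment below assumes a placeholder proxy range (203.0.113.0/24, an RFC 5737 documentation range, to be replaced by the ranges Cloudflare publishes), a placeholder hostname and a placeholder upstream on 127.0.0.1:8080; none of those come from the thread.

```nginx
# Added example: nginx limit_req / limit_conn keyed on the real client
# address when every request arrives through Cloudflare. Put this inside
# the http {} context.
#
# Without the realip lines, $remote_addr / $binary_remote_addr hold the
# address of the Cloudflare edge that opened the connection, so one zone
# entry is shared by every visitor coming through that edge and the limits
# trigger on the proxy, not on the abusive client.

# 1. Trust the proxy-supplied client address ONLY from the proxy's own
#    ranges. 203.0.113.0/24 is a placeholder (RFC 5737 documentation range);
#    replace it with the ranges Cloudflare publishes. Trusting 0.0.0.0/0
#    here would let anyone escape the limits with a forged
#    CF-Connecting-IP header sent straight to the origin.
set_real_ip_from 203.0.113.0/24;
real_ip_header   CF-Connecting-IP;

# 2. Key both zones on $binary_remote_addr: the packed 4-byte (IPv4) or
#    16-byte (IPv6) form of the client address, which keeps the per-client
#    state smaller than the textual $remote_addr. After real_ip_header has
#    rewritten the address, both variables refer to the CF-Connecting-IP
#    value rather than to the edge.
limit_req_zone  $binary_remote_addr zone=req_per_ip:10m rate=10r/s;
limit_conn_zone $binary_remote_addr zone=conn_per_ip:10m;

# Answer 429 instead of the default 503 so rate-limited clients are
# distinguishable from real back-end failures in the access log.
limit_req_status  429;
limit_conn_status 429;

server {
    listen 80;
    server_name example.com;      # placeholder hostname

    location / {
        # Allow a burst of 20 requests above the 10r/s rate, served without
        # being queued; requests beyond that are rejected with 429.
        limit_req  zone=req_per_ip burst=20 nodelay;

        # At most 10 simultaneous connections per client address.
        limit_conn conn_per_ip 10;

        proxy_pass http://127.0.0.1:8080;   # placeholder upstream
    }
}
```

Check it with "nginx -t" and then watch the access log: $remote_addr now shows the address taken from CF-Connecting-IP, while $realip_remote_addr (available since nginx 1.9.7) still shows the edge that actually connected, which is the quickest way to confirm the realip block is matching.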


