Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers
c0nw0nk
nginx-forum at forum.nginx.org
Tue Sep 13 20:07:51 UTC 2016
itpp2012 Wrote:
-------------------------------------------------------
> c0nw0nk Wrote:
> > Yes I can't test it at the moment unfortunately with the realip
> module
> > due to the fact i use "itpp2012" Nginx builds
> > http://nginx-win.ecsds.eu/ They do not come compiled with the
> realip
> > module (for now ?)
>
> Of course this module is compiled in.
Oh in that case then in didn't work when i tried it with the following
configuration.
http {
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 199.27.128.0/21;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2c0f:f248::/32;
set_real_ip_from 2a06:98c0::/29;
real_ip_header CF-Connecting-IP;
limit_req_zone $binary_remote_addr zone=one:10m rate=30r/m;
limit_conn_zone $binary_remote_addr zone=addr:10m;
#End http block
}
location ~ \.mp4$ {
limit_conn addr 10; #Limit open connections from same ip
limit_req zone=one; #Limit max number of requests from same ip
mp4;
limit_rate_after 1m; #Limit download rate
limit_rate 1m; #Limit download rate
root '//172.168.0.1/StorageServ1/server/networkflare/public_www';
expires max;
valid_referers none blocked networkflare.com *.networkflare.com;
if ($invalid_referer) {
return 403;
}
}
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,269502,269543#msg-269543
More information about the nginx
mailing list