444 return code and rate limiting

[c0nw0nk]

It is a response by the time the 444 is served it is to late a true DDoS is
not about what the server outputs its about what it can receive you can't
expect incoming traffic that amounts to 600Gbps to be prevented by a 1Gbps
port it does not work like that Nginx is an Application preventing any for
of DoS at an application level is a bad idea it needs to be stopped at a
router level before it hits the server to consume your receiving capacity of
1Gbps.

Adding IP address denies for DDoS to the Nginx .conf file at the application
level is to late still also the connection has been made the request headers
/ data of 100kb or less what ever the client sent has been received on your
1Gig port its already consuming your connection.

The only scenario I can think of where returning 444 is a good idea is under
a single IP flooding "DoS" because then your not increasing your ports
bandwidth output responding to someone who is opening and closing a
connection, But in this scenario its more like they are trying to make your
server DoS itself by making it max out its own outgoing bandwidth to just
their connection alone so nobody else can receive anything.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,269873,269879#msg-269879