Correct Implementation of DDoS protection

neodjandre nginx-forum at
Mon Nov 23 16:17:26 UTC 2020

My main /etc/nginx/nginx.conf file reads:

user www-data;
worker_processes 2;
pid /run/;
worker_rlimit_nofile 100000;

events {
        worker_connections 2048;
        multi_accept on;
}

http {

        # Basic Settings

client_header_buffer_size 2k;
large_client_header_buffers 2 1k;

client_body_buffer_size 10M;
client_max_body_size 10M;

client_body_timeout 12;
client_header_timeout 12;
keepalive_timeout 15;
send_timeout 10;

limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=50r/s;

server {
    limit_conn conn_limit_per_ip 10;
    limit_req zone=req_limit_per_ip burst=10 nodelay;
}

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        types_hash_max_size 2048;
        server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        # Virtual Host Configs

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}


My websites' server blocks are included within:   include

Is the server block defined above going to supersede the server blocks in my
sites-enabled so that DDoS protection will work as expected?

Many thanks

Posted at Nginx Forum:,290029,290029#msg-290029
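
Added example, not part of the original post: in nginx, directives placed inside one server block apply only to requests handled by that block and are not passed on to other server blocks, whereas limit_conn and limit_req set at http level are inherited by every server block that does not define its own. The sketch below reuses the zone names and values from the post; the two status-code lines are an optional addition.

```nginx
# Added example (not the poster's configuration).

http {
    # Zones are declared once, at http level (the only context that allows them).
    limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
    limit_req_zone  $binary_remote_addr zone=req_limit_per_ip:10m rate=50r/s;

    # Scoped too narrowly: a separate server block like this one limits only
    # the requests nginx routes to it. The server blocks included from
    # sites-enabled are siblings of it and inherit nothing from it.
    #
    # server {
    #     limit_conn conn_limit_per_ip 10;
    #     limit_req  zone=req_limit_per_ip burst=10 nodelay;
    # }

    # Scoped for all sites: set at http level, the limits are inherited by
    # every server block, including the included ones, unless that server
    # (or one of its locations) declares its own limit_conn / limit_req,
    # in which case the http-level value of that directive is replaced there.
    limit_conn conn_limit_per_ip 10;
    limit_req  zone=req_limit_per_ip burst=10 nodelay;

    # Optional addition: reply to throttled clients with 429 rather than
    # the default 503, so rejections are easy to tell apart in access logs.
    limit_conn_status 429;
    limit_req_status  429;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
```

Running nginx -t checks the syntax after the change, and nginx -T prints the fully merged configuration so the placement of the limits relative to the included server blocks can be confirmed.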
