help with nginx

Amv_Nuga furregtt at gmail.com
Fri Jan 24 16:14:44 UTC 2025


I have a website : https://www.solidkingsinc.com


I have the free version of Cloudflare; I use a reverse proxy, etc.

My issue is this: my nginx configuration works fine for everything else,
but when I try to brute-force/overload/DDoS my own server, it crashes from
an overload of GET requests. I use Python's fetching method (I could
probably use anything that exists), and as soon as I run a while loop with
10000 fetches, or not even 10000, maybe 1k, the server never once returns a
429 or 403 or anything similar. I have spent so many hours trying to find a
way to use rate limiting with nginx but failed miserably. I don't see any
effect: it still returns a 200 status code, and my server overloads instead
of stopping the requests. Cloudflare used to stop this and return 403, but
they probably removed that from the free tier too.

Here is my current configuration. EVERYTHING WORKS AS INTENDED EXCEPT THE RATE LIMITING:
----------------------

# A single worker process serves every connection.
worker_processes  1;

events {
    # Upper bound on simultaneous connections per worker. The count includes
    # the connections nginx opens to proxied backends, not only client
    # connections, so each proxied request occupies two of them.
    worker_connections 4096;
}


http {

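    # Shared-memory zone for request rate limiting: 10 MB of state, 2 requests
    # per second per key. Defining the zone limits nothing by itself; it is
    # enforced only in the contexts where a limit_req directive names it.
    #
    # The key is the address nginx sees as the connecting peer. When traffic
    # arrives through Cloudflare's proxy, that peer is a Cloudflare edge rather
    # than the visitor, so unrelated visitors can share one bucket and a single
    # visitor can be spread across several. To key on the real client, restore
    # the address from the header Cloudflare sets, trusting it only from
    # Cloudflare's published ranges (needs ngx_http_realip_module):
    #
    #   set_real_ip_from <CLOUDFLARE_RANGE_PLACEHOLDER>;  # one line per published range
    #   real_ip_header   CF-Connecting-IP;
    #
    # Do not trust that header from arbitrary peers: a client that can reach
    # the origin directly would then choose its own rate-limit key. Restricting
    # the origin's 443 listener to the proxy's ranges at the firewall closes
    # that path.
    limit_req_zone $binary_remote_addr zone=mylimit:10m rate=2r/s;

    # Rejected requests are answered with 503 unless told otherwise; use 429 so
    # throttling is distinguishable from a backend failure.
    limit_req_status 429;

    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    keepalive_timeout  65;

    # Combined log format plus the rate-limit verdict for each request
    # (PASSED, DELAYED or REJECTED). A "-" in that field most likely means no
    # limit_req directive applied to the request, which is the quickest way to
    # see which hosts and locations are actually covered.
    # Each quoted segment is kept on one line: a line break inside the quotes
    # would be written into every log entry.
    log_format combined_with_limit '$remote_addr - $remote_user [$time_local] "$request" '
                                   '$status $body_bytes_sent "$http_referer" '
                                   '"$http_user_agent" "$http_x_forwarded_for" '
                                   'limit_status=$limit_req_status';

    access_log logs/access.log combined_with_limit;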


    # Backend API virtual host: terminates TLS and proxies everything to the
    # service listening on localhost:1337.
    # NOTE(review): this is the first "listen 443" server in the configuration
    # shown and none is marked default_server, so nginx also selects it for
    # HTTPS requests whose Host matches no server_name.
    server {
        listen 443 ssl;
        server_name api.solidkingsinc.com;

        # NOTE(review): the private key lives under a Windows system directory;
        # confirm its ACL lets only the account running nginx read it.
        ssl_certificate      C:/Windows/System32/drivers/etc/apissl/certificate.pem;
        ssl_certificate_key  C:/Windows/System32/drivers/etc/apissl/private.key;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        location / {
            # Enforce the "mylimit" zone here. Up to 10 requests above the zone
            # rate are accepted: the first 5 are forwarded immediately, the
            # next 5 are paced at the zone rate, and anything beyond that is
            # rejected. A client sending requests one at a time stays under the
            # limit whenever each round trip outlasts the refill interval.
            limit_req zone=mylimit burst=10 delay=5;

            proxy_pass http://localhost:1337;
            proxy_http_version 1.1;
            proxy_pass_request_headers on;

            # Original request details for the backend. Host is forwarded
            # exactly as the client sent it.
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-Proto $scheme;

            # Client address as seen by this nginx. $proxy_add_x_forwarded_for
            # appends that address to whatever X-Forwarded-For the client
            # supplied, so only the last entry is vouched for by this proxy.
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            # WebSocket pass-through. Connection is sent as "Upgrade" on every
            # request, not only on those that ask for an upgrade.
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
        }

    }

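    # Frontend virtual host: terminates TLS for the site and proxies to the
    # application on localhost:5174.
    # NOTE(review): 5174 looks like a development-server port; confirm that a
    # production build is what answers here, since a dev server is not built
    # to absorb request floods.
    server {
        listen 443 ssl;
        server_name solidkingsinc.com www.solidkingsinc.com;

        # NOTE(review): the private key lives under a Windows system directory;
        # confirm its ACL lets only the account running nginx read it.
        ssl_certificate      C:/Windows/System32/drivers/etc/ssl/certificate.pem;
        ssl_certificate_key  C:/Windows/System32/drivers/etc/ssl/private.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        # Canonicalise the bare domain onto www.
        if ($host = solidkingsinc.com) {
            return 301 https://www.solidkingsinc.com$request_uri;
        }

        location / {
            # Rate limiting is enforced per location. Without a limit_req here,
            # no request to the www host is ever counted against "mylimit",
            # however the zone is defined. The zone is shared with any other
            # location that names it, so a client's requests to both hosts
            # draw on the same allowance.
            # burst=20 nodelay lets a page load fetch its assets at once and
            # rejects anything beyond that until the bucket refills. Rejected
            # requests get 503 unless limit_req_status is set. Treat these
            # numbers as a starting point and tune them against real page
            # loads.
            limit_req zone=mylimit burst=20 nodelay;

            proxy_pass http://localhost:5174;
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Real-IP $remote_addr;
            # Appends the peer address to any X-Forwarded-For the client sent;
            # only the last entry is vouched for by this proxy.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            # Host is forwarded exactly as the client sent it.
            proxy_set_header Host $http_host;
            # WebSocket pass-through; Connection is "Upgrade" on every request.
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_pass_request_headers on;
        }
   }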

    # Plain-HTTP listener for the three known hostnames: every request is
    # answered with a permanent redirect to the same host and URI over HTTPS.
    server {
        listen 80;
        server_name api.solidkingsinc.com solidkingsinc.com www.solidkingsinc.com;

        return 301 https://$host$request_uri;
    }

    # Catch-all for port 80 (IPv4 and IPv6): requests whose Host matches no
    # other port-80 server_name land here.
    # NOTE(review): the configuration shown has no equivalent default_server
    # for port 443, so unmatched HTTPS requests fall through to the first
    # "listen 443" server instead of being dropped.
    server {
        listen 80 default_server;
        listen [::]:80 default_server;

        server_name _;

        # 444 is nginx-specific: close the connection without sending a response.
        return 444;
    }
}