EK

Useful nginx configs for anti-DDoS

Limiting the Rate of Requests

limit_req_zone $binary_remote_addr zone=one:10m rate=30r/m;
server {
    ...
    location /login.html {
        limit_req zone=one;
        ...
    }
}

Limiting the Number of Connections

limit_conn_zone $binary_remote_addr zone=addr:10m;

server {
    ...
    location /store/ {
        limit_conn addr 10;
        ...
    }
}

Closing Slow Connections

server {
    client_body_timeout 5s;
    client_header_timeout 5s;
    ...
}

Blacklisting IP Addresses

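location / {
    deny 123.123.123.0/28;
    # The /28 above already covers .0 through .15, so the single-address
    # rules below are redundant here; they show the per-address syntax.
    deny 123.123.123.3;
    deny 123.123.123.5;
    deny 123.123.123.7;
    ...
}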

Whitelisting IP Addresses

location / {
    allow 192.168.1.0/24;
    deny all;
    ...
}
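
Added example (not from the original page): the rate limit, connection limit, timeouts and whitelist range above combined, so that the trusted range bypasses throttling and throttled clients get 429. The zone names `login` and `peraddr` and the server name are placeholders chosen for this example.

```nginx
# Everything outside server {} belongs in the http {} context.

# Trusted range from the whitelist section maps to 0, everyone else to 1.
geo $limited {
    default         1;
    192.168.1.0/24  0;
}

# Requests with an empty key are not accounted by limit_req_zone or
# limit_conn_zone, so trusted clients are never throttled.
map $limited $limit_key {
    0 "";
    1 $binary_remote_addr;
}

limit_req_zone  $limit_key zone=login:10m rate=30r/m;    # zone name assumed
limit_conn_zone $limit_key zone=peraddr:10m;             # zone name assumed

# Answer throttled clients with 429 instead of the default 503, so
# rejections are easy to tell apart from back-end failures in the logs.
limit_req_status     429;
limit_conn_status    429;
limit_req_log_level  warn;
limit_conn_log_level warn;

server {
    listen 80;
    server_name example.test;    # placeholder

    client_body_timeout   5s;
    client_header_timeout 5s;

    location /login.html {
        # 30r/m is one request every 2 s. With no burst, a second request
        # inside that window is rejected. burst=5 tolerates five extra
        # requests; nodelay serves them at once instead of pacing them.
        limit_req zone=login burst=5 nodelay;
    }

    location /store/ {
        limit_conn peraddr 10;
    }
}
```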

Blocking Requests

location /foo.php {
    deny all;
}

location / {
    if ($http_user_agent ~* foo|bar) {
        return 403;
    }
    ...
}

Limiting Connections to Back-Ends

upstream website {
    server 192.168.100.1:80 max_conns=200;
    server 192.168.100.2:80 max_conns=200;
    # queue is available only in NGINX Plus (commercial subscription)
    queue 10 timeout=30s;
}