New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
[Help] Detect IP and block DDOS
This discussion has been closed.
Comments
I wouldn't know. PM dotdeb on twitter and ask.
messaged.. will update if they reply
Dotdeb nginx has ngx_http_limit_req_module.
Add something like this to your http part:
limit_req_zone $binary_remote_addr zone=limit:50m rate=5r/s;
Then go to your site in sites-available and add this to one or all of the locations:
limit_req zone=limit burst=5 nodelay;
Why not install DDoS Deflate to do this automatically for you? It blocks connections that exceed 150 by default, but you can adjust that in its config file. Here's how to install it:
The configuration file is at: /usr/local/ddos/ddos.conf
To see how many connections by which IP, run: ddos
The root directory for the project is: http://www.inetbase.com/scripts/ddos/
It contains the uninstall and install files as well as many others
Many thanks for your help! It seems DDoS Deflate cant protect my site.
Does anyone what what type of DDOS? Is it HTTP Flood?
Access log here: http://pastebin.com/yrmVQiSA
Try something like this to block HTTP 1.0 from browsers that should be using http 1.1.
if ($server_protocol ~* "HTTP/1.0") {
if ($http_user_agent ~* "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) ) {
return 444;
}
}
If that does not work you could just block all HTTP 1.0 requests.
if ($server_protocol ~* "HTTP/1.0") {
return 444;
}
Please don't tell me off for using if in nginx, I'm a lighttpd fan!