We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
* Tips * Limit DDOS risk
* Tips * Limit DDOS risk
Idea : limit 100 requests or connects per ip
vi /etc/nginx/nginx.conf
at the begining of the http, add:
#Max request per ip
limit_req_zone $binary_remote_addr zone=flood:10m rate=100r/s;
limit_req zone=flood burst=100 nodelay;
#Max Connect per ip
limit_conn_zone $binary_remote_addr zone=ddos:10m;
limit_conn ddos 100;
Then, Restart NGINX via service nginx restart
thanks to Noobunbox
vi /etc/nginx/nginx.conf
at the begining of the http, add:
#Max request per ip
limit_req_zone $binary_remote_addr zone=flood:10m rate=100r/s;
limit_req zone=flood burst=100 nodelay;
#Max Connect per ip
limit_conn_zone $binary_remote_addr zone=ddos:10m;
limit_conn ddos 100;
Then, Restart NGINX via service nginx restart
thanks to Noobunbox
-
- Support team
- Posts: 1096
- Joined: Sat Sep 06, 2014 9:58 pm
- Contact:
- Os: Debian 8x
- Web: apache + nginx
Re: * Tips * Limit DDOS risk
Good information.
Thank you
Thank you
Re: * Tips * Limit DDOS risk
Are sure this will work fine with cloud-flare?
Re: * Tips * Limit DDOS risk
I think maybe it will work if You restore original visitors IP: https://support.cloudflare.com/hc/en-us ... ith-Nginx-
Re: * Tips * Limit DDOS risk
Yes, original IP is already restoring via nginx config But I have question.dreiggy wrote: ↑Fri Jul 06, 2018 9:49 pmI think maybe it will work if You restore original visitors IP: https://support.cloudflare.com/hc/en-us ... ith-Nginx-
1. I have to put request limit config lines after the following code or before the following code? Does this will matter?
Code: Select all
# use any of the following two
real_ip_header CF-Connecting-IP;
Re: * Tips * Limit DDOS risk
1. I cannot tell ;) Need to try. But I think You should add after IP restoration.hassaan wrote: ↑Sat Jul 07, 2018 5:27 am1. I have to put request limit config lines after the following code or before the following code? Does this will matter?
2. Can you post request limit config code for Apache?Code: Select all
# use any of the following two real_ip_header CF-Connecting-IP;
2. I too never try limiting bandwitch, but You can refer to this apache documentation article. You can try to create global include in conf.d directory for example limit_conn.conf with something like this:
Code: Select all
<Location "/">
SetOutputFilter RATE_LIMIT
SetEnv rate-limit 400
SetEnv rate-initial-burst 512
</Location>