* Tips * Limit DDOS risk

Posted: Sat Sep 23, 2017 5:00 pm
by mephivio
Idea: limit to 100 requests or connections per IP

vi /etc/nginx/nginx.conf

At the beginning of the http block, add:

#Max request per ip
limit_req_zone $binary_remote_addr zone=flood:10m rate=100r/s;
limit_req zone=flood burst=100 nodelay;
#Max Connect per ip
limit_conn_zone $binary_remote_addr zone=ddos:10m;
limit_conn ddos 100;

Then restart NGINX via service nginx restart

thanks to Noobunbox

Re: * Tips * Limit DDOS risk

Posted: Sun Sep 24, 2017 11:06 am
by mehargags
Good information.
Thank you

Re: * Tips * Limit DDOS risk

Posted: Sat Jun 30, 2018 7:08 pm
by hassaan
Are you sure this will work fine with Cloudflare?

Re: * Tips * Limit DDOS risk

Posted: Fri Jul 06, 2018 9:49 pm
by dreiggy
hassaan wrote:
Sat Jun 30, 2018 7:08 pm
Are you sure this will work fine with Cloudflare?

I think maybe it will work if you restore the original visitor's IP: https://support.cloudflare.com/hc/en-us ... ith-Nginx-

Re: * Tips * Limit DDOS risk

Posted: Sat Jul 07, 2018 5:27 am
by hassaan
dreiggy wrote:
Fri Jul 06, 2018 9:49 pm
I think maybe it will work if you restore the original visitor's IP: https://support.cloudflare.com/hc/en-us ... ith-Nginx-

Yes, the original IP is already being restored via the nginx config, but I have a question.

1. Do I have to put the request limit config lines after the following code or before it? Does this matter?

Code:

# use any of the following two
real_ip_header CF-Connecting-IP;

2. Can you post the request limit config code for Apache?

Re: * Tips * Limit DDOS risk

Posted: Sat Jul 07, 2018 10:55 pm
by dreiggy
hassaan wrote:
Sat Jul 07, 2018 5:27 am
1. Do I have to put the request limit config lines after the following code or before it? Does this matter?

Code:

# use any of the following two
real_ip_header CF-Connecting-IP;

2. Can you post the request limit config code for Apache?

1. I cannot tell ;) Need to try. But I think you should add it after the IP restoration.
2. I too have never tried limiting bandwidth, but you can refer to this Apache documentation article. You can try to create a global include in the conf.d directory, for example limit_conn.conf, with something like this:

Code:

<Location "/">
    SetOutputFilter RATE_LIMIT
    SetEnv rate-limit 400 
    SetEnv rate-initial-burst 512
</Location>
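
For the Cloudflare ordering question raised in this thread, here is an added example (not code from any poster) that combines the first post's limits with real-IP restoration. nginx's realip module replaces the client address before the limit modules evaluate their key, so the position of these lines relative to each other inside http { } does not matter. The 192.0.2.0/24 range is a placeholder assumption, and the 429 status and log-level lines are additions not mentioned in the thread.

```nginx
# Added example, not from the thread. Place inside the existing http { }
# block of /etc/nginx/nginx.conf. Needs ngx_http_realip_module.

# --- Restore the visitor address behind Cloudflare ---
# real_ip_header is honoured only for connections that arrive from an
# address listed in set_real_ip_from. Without a set_real_ip_from line the
# header is ignored and every visitor is counted under the proxy's address.
# Trust only the proxy's own ranges here; a header accepted from any source
# would let a client choose the address it is counted under.
# 192.0.2.0/24 is a PLACEHOLDER (documentation range): replace it with the
# ranges Cloudflare publishes, one set_real_ip_from line per range.
set_real_ip_from 192.0.2.0/24;
real_ip_header   CF-Connecting-IP;

# --- Per-IP limits from the first post ---
# $binary_remote_addr is read per request, after the address has been
# replaced, so both zones key on the visitor and not on the proxy.
limit_req_zone  $binary_remote_addr zone=flood:10m rate=100r/s;
limit_conn_zone $binary_remote_addr zone=ddos:10m;

limit_req  zone=flood burst=100 nodelay;
limit_conn ddos 100;

# --- Make rejections visible (addition, not in the thread) ---
# The default rejection status is 503, which is hard to tell apart from a
# real backend failure in the access log. 429 marks rate-limit hits clearly.
limit_req_status  429;
limit_conn_status 429;

# Rejections are logged at "error" by default; "warn" keeps them in the
# error log while separating them from genuine errors.
limit_req_log_level  warn;
limit_conn_log_level warn;
```

Check the file with nginx -t before restarting.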