2012-03-28 07:32
采纳率: 100%
浏览 57


I have 4 webservers behind cloudflare and a loadbalancer, nginx is the webserver, php-fpm manages the php pages. I don't know how to block a simple dos attack ...

I'm able to detect this attack by using the http_limit_req module from nginx

but this is not blocking the attack at all, yes this can mitigate but webservers are hit and hit again, and php-fpm goes to 80% and in a minute the website is unreachable.

I'm trying to find a way to block this kind of request.

I know how to block certain ip address or certain useragent with nginx but i want to do it automatically. I think that I cannot block the ip with iptables because the request come from the loadbalancer :( but i'm still able to detect the correct ip address with the set_real_ip_from and real_ip_header X-Forwarded-For with nginx.

I have the log file (error.log) filled with the correct ip address as you can see:

2012/03/27 18:34:02 [error] 31234#0: *1283 limiting connections by zone "staging", client: XX.XX.XX.XXX, server:, request: "HEAD /it HTTP/1.1", host: ""

Someone have an idea and can teach me how to block automatically this ip?

图片转代码服务由CSDN问答提供 功能建议

我在cloudflare后面有4个web服务器和一个loadbalancer,nginx是webserver,php-fpm管理php页面。 我不知道如何阻止简单的dos攻击...


但这并没有阻止攻击 所有,是的,这可以减轻,但网络服务器被击中并再次被击中,并且php-fpm达到80%,并且在一分钟内网站无法访问。

我正试图找到一种方法 阻止这种请求。

我知道如何使用nginx阻止某些ip地址或某些useragent,但我想自动执行此操作。 我认为我无法使用iptables来阻止ip,因为请求来自loadbalancer :(但我仍然可以使用set_real_ip_from和real_ip_header X-Forwarded-For使用nginx来检测正确的ip地址。


2012/03/27 18:34:02 [错误] 31234#0:* 1283通过区域“staging”限制连接,客户端:XX.XX.XX.XXX,服务器,请求:“HEAD / it HTTP / 1.1”,主机:“www.xxxxxxx。 com“


  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • douhuang4166 2012-03-28 07:40

    use fail2ban for this. It's a log-file parser for many different services which can detect failed logins, etc. and then block an IP-address.


    打赏 评论

相关推荐 更多相似问题