欢迎您,零度科技专业海外服务器租用
公司电话: 24小时电话: 

当前位置:首页>帮助教程>Linux 系统教程

目录导航

转老外一篇NGINX 防DDOS配置

添加于 2014-09-18  
Linux 系统教程
FreeBSD, network card: Intel fxp, port: 100Мбит, polling, http accept-filter.
in sysctl:
sysctl kern.maxfiles=90000
           sysctl kern.maxfilesperproc=80000
           sysctl net.inet.tcp.blackhole=2
           sysctl net.inet.udp.blackhole=1
           sysctl kern.polling.burst_max=1000
           sysctl kern.polling.each_burst=50
           sysctl kern.ipc.somaxconn=32768
           sysctl net.inet.tcp.msl=3000
           sysctl net.inet.tcp.maxtcptw=40960
           sysctl net.inet.tcp.nolocaltimewait=1
           sysctl net.inet.ip.portrange.first=1024
           sysctl net.inet.ip.portrange.last=65535
           sysctl net.inet.ip.portrange.randomized=0
in nginx configuration:
worker_processes 1;
           worker_rlimit_nofile 80000;
           events {
               worker_connections 50000;
           }

           server_tokens off;
           log_format IP `$remote_addr';
           reset_timedout_connection on;

           listen  xx.xx.xx.xx:80  default rcvbuf=8192 sndbuf=16384 backlog=32000 accept_filter=httpready;
In the following way it is possible to realize filtration of url, in example for POST
index.php?action=login which is with empty referral.
set $add 1;
           location /index.php {
                   limit_except GET POST {
                        deny all;
               }
               set $ban "";
               if ($http_referer = "" ) {set $ban $ban$add;}
               if ($request_method = POST ) {set $ban $ban$add;}
               if ($query_string = "action=login" ){set $ban $ban$add;}
               if ($ban = 111 ) {
                   access_log /var/log/[133]nginx/ban IP;
                   return 404;
               }
               proxy_pass http://127.0.0.1:8000; #here is a patch
           }
Further we cut it at pf level – loaded into IP table, hosts from which came too many hits.
PF with tables works very quickly. Sources for parsing of logs (ddetect) you can find on http://www.comsys.com.ua/files
Then Cron used once in a minute, to add into ip tables new IPs from a log.
25 Mbyte DDoS, which cuts IPs, the rests fall on nginx which by it is criterion pass IPs and the rests passed on the apache – LA 0, site works.

零度科技原文链接:http://www.ldisp.com/a/linux/2014/nginx-ddos-attack.shtml

上一篇:shell脚本执行传递参数的方式-getopts
下一篇:nginx rewrite规则和实例

 
了解零度?

零度科技主营全球服务器租用,如果您有服务器租用需求请联系

海外服务器租用

推荐香港、美国、韩国。提供站群服务器、高防服务器租用

海外特价服务器

关注零度特价服务器频道,了解全球特价服务器。

1

业务咨询

    技术服务

      特价活动
        全站搜索
        热门搜索:
        会员
        0通知
        客服
        0特价
        搜索
        TOP
        香港高防服务器,远程桌面,韩国服务器,nginx,反向代理