Reference: Mitigating DDoS Attacks with NGINX and NGINX Plus

Limiting the Rate of Requests
Allow a single client IP address to attempt to log in only once every 2 seconds (equivalent to 30 requests per minute):

limit_req_zone $binary_remote_addr zone=one:10m rate=30r/m;

server {
    ...
    location /login.html {
        limit_req zone=one;
        ...
    }
}
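
As an added example (not code from the referenced NGINX article or from this page), the Python sketch below is a simplified model of how `limit_req` with `rate=30r/m` and no `burst` treats each client's requests, using leaky-bucket accounting in thousandths of a request. The class and function names and the sample IP addresses are constructed for illustration.

```python
# Simplified model of NGINX limit_req (leaky bucket, no delay); an assumption-
# labelled sketch, not NGINX source. "excess" is tracked per key in
# thousandths of a request and drains at `rate` requests per second.

def parse_rate(spec):
    """Convert '30r/m' or '5r/s' into milli-requests per second."""
    value, unit = spec.split("r/")
    scale = {"s": 1, "m": 60}[unit]
    return int(value) * 1000 // scale


class LimitReqZone:
    def __init__(self, rate, burst=0):
        self.rate = parse_rate(rate)   # milli-requests drained per second
        self.burst = burst * 1000      # allowed excess, in milli-requests
        self.state = {}                # key -> (excess, last_ms)

    def allow(self, key, now_ms):
        """Return True if the request passes, False if it would be rejected."""
        if key not in self.state:
            self.state[key] = (0, now_ms)
            return True
        excess, last = self.state[key]
        elapsed = max(now_ms - last, 0)
        excess = max(excess - self.rate * elapsed // 1000 + 1000, 0)
        if excess > self.burst:
            return False               # rejected; state is left unchanged
        self.state[key] = (excess, now_ms if elapsed else last)
        return True


def replay(zone, events):
    """events: iterable of (ms_timestamp, client_ip); returns list of verdicts."""
    return [zone.allow(ip, ts) for ts, ip in events]


# Constructed sample traffic: one client retrying /login.html quickly,
# one client pacing itself at exactly one request every 2 seconds.
SAMPLE = [(0, "203.0.113.5"), (500, "203.0.113.5"), (1000, "203.0.113.5"),
          (2000, "203.0.113.5"), (2100, "203.0.113.5"), (4000, "203.0.113.5"),
          (0, "198.51.100.7"), (2000, "198.51.100.7"), (4000, "198.51.100.7")]

if __name__ == "__main__":
    zone = LimitReqZone("30r/m")       # same rate as zone "one" above, no burst
    for (ts, ip), ok in zip(SAMPLE, replay(zone, SAMPLE)):
        print(f"{ts:>5} ms  {ip:<13} {'pass' if ok else 'reject (503)'}")
```

The replay shows that `30r/m` is enforced as one request per 2 seconds per key, not as 30 requests anywhere within a minute, so a legitimate user who double-clicks the login button also receives the rejection.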

Limiting the Number of Connections
Allow each client IP address to open no more than 10 connections to the /store area of your website:

limit_conn_zone $binary_remote_addr zone=addr:10m;

server {
    ...
    location /store/ {
        limit_conn addr 10;
        ...
    }
}

Closing Slow Connections

server {
    client_body_timeout 5s;
    client_header_timeout 5s;
    ...
}

Blacklisting IP Addresses

location / {
    deny 123.123.123.0/28;
    ...
}

Whitelisting IP Addresses

location / {
    allow 192.168.1.0/24;
    deny all;
    ...
}

Using Caching to Smooth Traffic Spikes
Blocking Requests
Limiting the Connections to Backend Servers

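upstream website {
    # Cap concurrent connections to each backend server
    server 192.168.100.1:80 max_conns=200;
    server 192.168.100.2:80 max_conns=200;
    # The queue directive is available only in NGINX Plus
    queue 10 timeout=30s;
}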

Dealing with Range-Based Attacks

Handling High Loads

Identifying a DDoS Attack
