參考 Mitigating DDoS Attacks with NGINX and NGINX Plus 

Limiting the Rate of Requests
attempt to login only every 2 seconds (equivalent to 30 requests per minute):

limit_req_zone $binary_remote_addr zone=one:10m rate=30r/m;

server {
...
location /login.html {
limit_req zone=one;
...
}
}

Limiting the Number of Connections
allow each client IP address to open no more than 10 connections to the /store area of your website:

limit_conn_zone $binary_remote_addr zone=addr:10m;

server {
...
location /store/ {
limit_conn addr 10;
...
}
}

Closing Slow Connections

server {
client_body_timeout 5s;
client_header_timeout 5s;
...
}

Blacklisting IP Addresses

location / {
deny 123.123.123.0/28;
...
}

Whitelisting IP Addresses

location / {
allow 192.168.1.0/24;
deny all;
...
}

Using Caching to Smooth Traffic Spikes
Blocking Requests
Limiting the Connections to Backend Servers

upstream website {
server 192.168.100.1:80 max_conns=200;
server 192.168.100.2:80 max_conns=200;
queue 10 timeout=30s;
}

Dealing with Range-Based Attacks

Handling High Loads

Identifying a DDoS Attack

最後修改日期: 2016 年 02 月 04 日

作者

留言

撰寫回覆或留言

發佈留言必須填寫的電子郵件地址不會公開。