Attempt to block DOS attacks
It happened today that someone has tried to download every version of every extension in TER. Intentional or not, however this can stop the whole site from working (which happened today until I blocked the client).
What we need is some module that blocks clients automatically after a number of requests within a defined timeframe.
- Collect software that can help us here
- Define limits
#5 Updated by Andri Steiner about 3 years ago
- This file was autogenerated. Never ever edit manually!
- nginx http connection and request limiting
- 25 conn. / IP (global)
limit_conn_zone $binary_remote_addr zone=addr:10m;
limit_req_zone $binary_remote_addr zone=small:10m rate=50r/s;
limit_req_zone $binary_remote_addr zone=medium:10m rate=150r/s;
limit_req_zone $binary_remote_addr zone=large:10m rate=500r/s;
#set default zone
limit_conn addr 50;
limit_req zone=small burst=150;