Created
June 26, 2019 21:15
-
-
Save JuanDMeGon/a8dadff12b0bf1de5739512ac74e6b3f to your computer and use it in GitHub Desktop.
DoS and DDoS Nginx Mitigation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## | |
| # DoS and DDoS Protection Settings | |
| ## | |
| #Define limit connection zone called conn_limit_per_ip with memory size 15m based on the unique IP | |
| limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:15m; | |
| #Define limit request to 40/sec in zone called req_limit_per_ip memory size 15m based on IP | |
| limit_req_zone $binary_remote_addr zone=req_limit_per_ip:15m rate=40r/s; | |
| #Using the zone called conn_limit_per_ip with max 40 connections per IP | |
| limit_conn conn_limit_per_ip 40; | |
| #Using the zone req_limit_per_ip with an exceed queue of size 40 without delay for the 40 additonal | |
| limit_req zone=req_limit_per_ip burst=40 nodelay; | |
| #Do not wait for the client body or headers more than 5s (avoid slowloris attack) | |
| client_body_timeout 5s; | |
| client_header_timeout 5s; | |
| send_timeout 5; | |
| #Establishing body and headers max size to avoid overloading the server I/O | |
| client_body_buffer_size 256k; | |
| client_header_buffer_size 2k; | |
| client_max_body_size 3m; | |
| large_client_header_buffers 2 2k; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment