I have this simple Nginx configuration:
    server {
        listen 80;
        server_name example.com;
        rewrite ^(.*) http://www.example.com$1 permanent;
    }

    server {
        listen 80;
        server_name www.example.com;
        access_log /var/log/nginx/www.example.com.access.log;
        error_log /var/log/nginx/www.example.com.error.log;
        root /var/www/example.com/;

        location / {
            index index.html index.php;
        }

        location ~ \.php$ {
            include /etc/nginx/fastcgi_params;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /var/www/example.com/$fastcgi_script_name;
        }
    }
It is time to prevent flooding (DoS) attacks. I would like to implement these two rules:
1) I would block more than 3 requests per second for PHP requests.
example:
www.example.com/page.php
www.example.com/page.php
www.example.com/page.php
www.example.com/page.php (block it if it is within the second)
2) I would block more than 3 requests per second for the same resource
www.example.com/img.jpg
www.example.com/img.jpg
www.example.com/img.jpg
www.example.com/img.jpg (block it if it is within the second)
My goal is to completely block the requests. I say that because I saw that the nodelay param returns 503 to attackers. In this case, if the limit is reached I surely know that it's an attack, so I want to block the response. With "block" I mean that I do not want to send a 503 message; I want NGINX to drop the connection without sending anything.
How can I optimize this configuration to implement these rules?
Thank you.
Best Answer
nginx has the HttpLimitReqModule module available. You can define different zones and allowed access patterns. If a user exceeds the allowed number of accesses, 503 is returned.