cPnginx and Danginx can use to protect the HTTP DDOS as follows,
Edit the file /etc/sysctl.conf and increase the openfile limits. Add the following line,
fs.file-max = 700000
Edit /etc/security/limits.conf and add the following lines,
nobody soft nofile 100000
nobody hard nofile 500000
Now apply the sysctl configuration using the following command .
# sysctl -p
Now edit the /usr/local/nginx/conf/nginx.conf file and add the following line.
worker_rlimit_nofile 50000;
1) Add the following sysctl parameters,
—————
net.ipv4.tcp_syncookies = 1
# source validation / reversed path
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
kernel.pid_max = 65536
net.ipv4.ip_local_port_range = 9000 65000
————–
2) Use the RateLimit module , http://wiki.nginx.org/HttpLimitZoneModule It must be placed inside http block
—————–
limit_zone slimits $binary_remote_addr 10m;
limit_conn slimits 10;
——————
3) You can also use the following too,
—————-
limit_req_zone $binary_remote_addr zone=slimitss:10m rate=1r/s;
limit_req zone=slimitss burst=10;
That’s it !!
No comments:
Post a Comment