Portal Home > Knowledgebase > Articles Database > Howto using Nginx anti ddos proxy? Help me!
Howto using Nginx anti ddos proxy? Help me!
| Posted by daicadung, 01-23-2012, 11:41 PM |
| My servers are being ddos attacks by proxy, proxy flood much to my server. I need people to a detailed guide to use nginx to solve this problem. I use nginx as reverse. Thank you very much.
|
| Posted by SeriesN, 01-23-2012, 11:45 PM |
| Do you have any sort of firewall setup?
|
| Posted by daicadung, 01-24-2012, 03:34 AM |
| no, i have . i wuant config only nginx.
|
| Posted by SeriesN, 01-24-2012, 03:38 AM |
| Without firewall I do not think nginx alone can do simething cause you need a way to block the attack not just pushing it back.
|
| Posted by daicadung, 01-24-2012, 03:44 AM |
| i have try csf firewall but not effects.My servers still down, I see a few other servers using nginx is more effective.Would you please help me solve this problem. I'm being attacked proxy proxy huge quantities. Block ip not resolve the problem.
|
| Posted by barbus, 01-24-2012, 08:02 AM |
| Do you know what kind of DDoS you have?
|
| Posted by daicadung, 01-24-2012, 08:12 AM |
| http flooder. attacker load more proxy and attack via port 80.
|
| Posted by barbus, 01-24-2012, 08:20 AM |
| What about bandwidth?
|
| Posted by daicadung, 01-24-2012, 08:23 AM |
| my bandwidth greatly increased
|
| Posted by barbus, 01-24-2012, 08:45 AM |
| Do you have any numbers related to the current bandwidth?
|
| Posted by daicadung, 01-24-2012, 08:47 AM |
| After each attack, my bandwidth increased about 500-600M
|
| Posted by Infinitnet, 01-24-2012, 11:38 AM |
| You won't be able to block 600+Mbit with NGINX. If you've got good hardware and an uplink of at least 1Gbit, it would be possible to block this with LiteSpeed and a proper configuration.
|
| Posted by daicadung, 01-24-2012, 12:16 PM |
| Sorry for the confusion above, I come from VietNam language do you misunderstood my idea. My servers are not subject to 600Mbit simultaneously at the same time.Latest features observed from my visit to that, the packet size 1000B and from many different ip. At the end of my attacks of loss of 600M bandwidth. 600M not take the same time. Can you guide me more to use LiteSpeed solve this problem?
Thank you very much!
|
| Posted by Infinitnet, 01-24-2012, 01:27 PM |
| Okay, if it's only a small bandwidth attacks, it might work with an NGINX Reverse Proxy. On the server running NGINX, save the following script as ddos.rb and run it with "ruby ddos.rb":
This will block IPs with more than 25 concurrent connections using IPTables. Also change the NGINX workers in your NGINX config from 1 to the number of CPUs your Reverse Proxy server has, like 4 for a quad core and restart NGINX.
Add the following kernel settings to your /etc/sysctl.conf and execute "sysctl -p":
If that solution doesn't work, you will need to forget about your reverse proxy and switch your web server's web server to LiteSpeed, install fail2ban with a custom regex, use this script ruby too and also the kernel settings.
|
| Posted by daicadung, 01-24-2012, 01:41 PM |
| The first, thank you very very much.
The attack I'm having to make apache dow after a few minutes.I just found out about nginx should not really understand it, the reason why I mention nginx because the advice from my friends. I installed nginx admin but when testing, I see the status: Down.I do not know how to start it. If you have free time, I will send you information about my server for you, hope you help.
|
| Posted by Infinitnet, 01-24-2012, 03:18 PM |
| I thought you had an NGINX reverse proxy up and running already with your current setup, sorry. I've sent you a PM.
|
Add to Favourites 
Print this Article
Also Read
