29 messages in ru.sysoev.nginxRe: DDoS protection module suggestion| From | Sent On | Attachments |
|---|---|---|
| malte | Nov 2, 2010 7:18 pm | |
| Weibin Yao | Nov 2, 2010 7:54 pm | |
| malte | Nov 2, 2010 8:21 pm | |
| pchy...@gmail.com | Nov 2, 2010 8:57 pm | |
| malte | Nov 3, 2010 2:00 pm | |
| unclepieman | Nov 3, 2010 2:14 pm | |
| Rainer Duffner | Nov 3, 2010 2:38 pm | |
| malte | Nov 3, 2010 7:22 pm | |
| malte | Nov 3, 2010 7:30 pm | |
| Redd Vinylene | Nov 4, 2010 1:48 am | |
| malte | Nov 4, 2010 12:47 pm | |
| Weibin Yao | Nov 4, 2010 7:17 pm | |
| Payam Chychi | Nov 4, 2010 9:03 pm | |
| Weibin Yao | Nov 4, 2010 10:02 pm | |
| malte | Nov 4, 2010 10:58 pm | |
| Payam Chychi | Nov 5, 2010 12:29 am | |
| Weibin Yao | Nov 5, 2010 2:32 am | |
| Weibin Yao | Nov 5, 2010 2:51 am | |
| Eugaia | Nov 5, 2010 3:36 am | |
| 姚伟斌 | Nov 5, 2010 5:47 am | |
| malte | Nov 5, 2010 9:10 am | |
| malte | Nov 5, 2010 9:15 am | |
| Payam Chychi | Nov 5, 2010 10:02 am | |
| malte | Nov 5, 2010 2:51 pm | |
| malte | Nov 5, 2010 2:52 pm | |
| 姚伟斌 | Nov 5, 2010 6:44 pm | |
| ken107 | Dec 26, 2010 1:48 am | |
| Weibin Yao | Dec 26, 2010 6:25 pm | |
| Waleed G. | Mar 25, 2012 10:03 am |
| Subject: | Re: DDoS protection module suggestion | |
|---|---|---|
| From: | ken107 (ngin...@nginx.us) | |
| Date: | Dec 26, 2010 1:48:26 am | |
| List: | ru.sysoev.nginx | |
My friend's website promoting freedom of speech in communist Vietnam has recently been brought down by a 400k+ IP DDOS launched affirmatively by a government-sponsored cyber army. I've been asked for some ideas, and have had some experienced warding off some minor DDOS on my own non-political website.
Anyway, I've read this great discussion thread and came up with an idea that I think might work, especially for us individual webmasters who can't afford large distributed networks that can absorb such massive attacks. It is as follows, please let me know your thoughts:
1. Use iptables to redirect all traffic to reCaptcha validation page - reCaptcha generation is handled by Google's distributed network designed to withstand DDOS - the reCaptcha validation page is therefore a static page and does not weigh down your server's processing power
2. Once validated, the IP is added to iptables Allow list, and the user is redirected back to homepage - entries that have been idle for some time should be removed from the list
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,147105,161145#msg-161145
_______________________________________________ nginx mailing list ngi...@nginx.org http://nginx.org/mailman/listinfo/nginx