How does nginx limit the frequency and times of client access?
How to limit the number of requests an IP may make within a given period is a headache, especially when facing malicious DDoS attacks. Among these, the CC attack is a kind of DDoS (Distributed Denial of Service) and a common way of attacking websites: attackers keep sending large numbers of packets to the victim host through proxy servers or compromised machines (zombie hosts), exhausting the target server's resources until it collapses.

CC attacks generally use a limited number of IPs that send requests to the server at high frequency. nginx can limit the number of requests from one IP within the same period by configuring HttpLimitReqModule and HttpLimitZoneModule, which helps to defend against CC attacks.

HttpLimitReqModule limits the number of requests per unit of time; the limit_req_zone and limit_req directives are used together to apply the limit. Once the number of requests exceeds the configured limit, nginx returns 503 Service Unavailable.

HttpLimitConnModule limits the number of concurrent connections from a single IP, using the limit_zone and limit_conn directives.

The difference between the two modules is that the former limits the number of requests within a period of time, while the latter limits the number of simultaneous connections.

Table of contents

1. HttpLimitReqModule limits the number of requests from the same IP within a certain period of time
2. HttpLimitZoneModule limits the number of concurrent connections
3. nginx whitelist settings

1. HttpLimitReqModule limits the number of requests from the same IP within a certain period of time

http {
    ...
    # Define a limit_req_zone named allips for storing per-client state, with 10 MB of shared memory.
    # The key is $binary_remote_addr (the client IP); the average rate is limited to 20 requests per second.
    # 1 MB holds about 16000 states, and the rate value must be an integer.
    # To allow one request every two seconds, set rate=30r/m.
    limit_req_zone $binary_remote_addr zone=allips:10m rate=20r/s;
    ...
    server {
        ...
        location {
            ...
            # Limit each IP to no more than 20 requests per second, with a leaky-bucket burst of 5.
            # burst means: if seconds 1, 2, 3 and 4 each carry 19 requests, the 25 requests
            # of the 5th second are allowed. But if you send 25 requests within the 1st second,
            # requests beyond 20 in the 2nd second are answered with 503 Service Unavailable.
            # nodelay: without this option the average rate is enforced strictly, so when
            # 25 requests arrive in the 1st second, 5 of them are only served in the 2nd second.
            # With nodelay set, all 25 requests are served in the 1st second.
            limit_req zone=allips burst=5 nodelay;
            ...
        }
        ...
    }
    ...
}
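The comments above describe burst and nodelay in round numbers. To make the interaction of rate, burst and nodelay concrete, here is an added example (not code from the original article and not part of nginx): a small Python model of the leaky-bucket algorithm that ngx_http_limit_req_module uses behind limit_req_zone / limit_req. It assumes nginx's integer arithmetic (excess tracked in 1/1000 of a request, time in milliseconds) and leaves out the newer delay= parameter and the shared-memory zone bookkeeping; the timestamps and the client IP 203.0.113.10 are constructed sample data. It replays the scenarios from the configuration comments with rate=20r/s and burst=5.

```python
# Added example (not from the original article): a Python model of the leaky bucket
# behind nginx's limit_req_zone / limit_req, showing how rate, burst and nodelay interact.
# Assumption: mirrors nginx's integer arithmetic (excess in 1/1000 of a request, time in
# milliseconds) without the "delay=" parameter or shared-memory details.
from typing import Dict, List, Tuple

Result = Tuple[str, int]   # ("ok", delay_ms) or ("503", 0)


class LimitReq:
    """One limit_req rule on one zone: rate=<rate_rps>r/s, burst=<burst>, optional nodelay."""

    def __init__(self, rate_rps: int, burst: int = 0, nodelay: bool = False) -> None:
        self.rate = rate_rps * 1000          # milli-requests per second
        self.burst = burst * 1000            # bucket capacity in milli-requests
        self.nodelay = nodelay
        # per-key state as the zone stores it: (excess, time of last request in ms)
        self.state: Dict[str, Tuple[int, int]] = {}

    def check(self, key: str, now_ms: int) -> Result:
        """Decide one request from `key` arriving at `now_ms`."""
        if key not in self.state:
            # first request from this key: no excess yet, served immediately
            self.state[key] = (0, now_ms)
            return ("ok", 0)
        excess, last = self.state[key]
        elapsed = max(now_ms - last, 0)
        # leak what the rate allowed since the last request, then add this request
        excess = max(excess - self.rate * elapsed // 1000 + 1000, 0)
        if excess > self.burst:
            return ("503", 0)                # bucket overflow: rejected, state untouched
        self.state[key] = (excess, now_ms)
        if self.nodelay:
            return ("ok", 0)                 # served at once, excess is still counted
        # without nodelay the request waits until its excess has leaked away
        return ("ok", excess * 1000 // self.rate)


def run(rate_rps: int, burst: int, nodelay: bool, times_ms: List[int],
        key: str = "203.0.113.10") -> Dict[str, int]:
    """Replay requests at the given timestamps (constructed data) and summarise."""
    limiter = LimitReq(rate_rps, burst, nodelay)
    results = [limiter.check(key, t) for t in times_ms]
    delays = [d for status, d in results if status == "ok"]
    return {"accepted": len(delays),
            "rejected": len(results) - len(delays),
            "max_delay_ms": max(delays, default=0)}


# Scenarios from the configuration comments (rate=20r/s, burst=5).

def lump_of_25() -> Dict[str, int]:
    """25 requests in the same millisecond: burst=5 only covers 5 excess requests."""
    return run(20, 5, True, [0] * 25)


def spread_25(nodelay: bool) -> Dict[str, int]:
    """25 requests evenly spread over one second (one every 40 ms)."""
    return run(20, 5, nodelay, [i * 40 for i in range(25)])


def steady_then_25() -> Dict[str, int]:
    """19 requests/s in seconds 1-4, then 25 requests in the 5th second."""
    times = [s * 1000 + i * 50 for s in range(4) for i in range(19)]
    times += [4000 + i * 40 for i in range(25)]
    return run(20, 5, False, times)


def two_seconds_of_25() -> Dict[str, int]:
    """25 requests/s for two seconds: the 2nd second is cut back to the 20r/s rate."""
    return run(20, 5, False, [i * 40 for i in range(50)])


if __name__ == "__main__":
    for name, fn in [("25 at once, nodelay", lump_of_25),
                     ("25 spread, delayed", lambda: spread_25(False)),
                     ("25 spread, nodelay", lambda: spread_25(True)),
                     ("19/s x4 then 25", steady_then_25),
                     ("25/s for 2 s", two_seconds_of_25)]:
        print(f"{name:22s} {fn()}")
```

Two points the replay makes that the comments only hint at: burst counts excess over what the rate has already earned, so 25 requests arriving in the same instant get only 6 through (1 on the rate plus 5 burst) while 25 spread across the second all pass; and nodelay changes only when accepted requests are served (the delays drop to 0), never which ones get 503, so a second consecutive second of 25 requests is trimmed to 20 either way.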