DDoS stands for distributed denial-of-service. Unless you have seriously offended some interest group that is determined to crush you with a DDoS attack, ordinary scattered DDoS attacks can still be defended against.
First of all, in Nginx you can deal with them by limiting the number of connections per IP, limiting the request rate per IP, and denying access to specific IPs. The configuration below can be used as a reference:
1. Limit the number of connections from a single IP:
# limit_conn_zone goes in the http context; the zone is keyed by client address
limit_conn_zone $binary_remote_addr zone=conn_zone:10m;
server {
    limit_conn conn_zone 100;
}
The above configuration limits the number of concurrent connections from the same IP to 100.
2. Limit the request rate:
# limit_req_zone goes in the http context; the zone is keyed by client address
limit_req_zone $binary_remote_addr zone=req_zone:10m rate=10r/s;
server {
    limit_req zone=req_zone;
}
The above configuration limits the request rate of the same IP address to 10 requests per second.
3. Deny access:
geo $bad_ips {
    default 0;
    2.2.2.2 1;
    3.3.3.3 1;
}
server {
    if ($bad_ips) {
        return 404;
    }
}
The above configuration denies access from the specified IP addresses.
In addition, you can reject suspicious requests based on request characteristics, and put a firewall in front for traffic scrubbing.
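The three measures above combined into one file, together with a simple request-characteristic filter, as an added example that is not part of the original article. The burst value, the 429 status codes, the empty User-Agent rule and the example.com server name are assumptions chosen for illustration; 2.2.2.2 and 3.3.3.3 are the article's sample addresses.

```nginx
# Added example, not from the original article. Values marked "assumed"
# are illustrative and should be tuned to the site's real traffic.
events {}

http {
    # Shared-memory zones must be declared in the http context.
    limit_conn_zone $binary_remote_addr zone=conn_zone:10m;
    limit_req_zone  $binary_remote_addr zone=req_zone:10m rate=10r/s;

    # Both limits answer 503 by default; 429 (assumed choice) makes
    # throttled requests easy to tell apart from a real outage in the logs.
    limit_conn_status   429;
    limit_req_status    429;
    limit_req_log_level warn;

    # Deny list from the article.
    geo $bad_ips {
        default 0;
        2.2.2.2 1;
        3.3.3.3 1;
    }

    # Request-characteristic filter (assumed rule): flag an empty User-Agent.
    map $http_user_agent $no_ua {
        default 0;
        ""      1;
    }

    server {
        listen 80;
        server_name example.com;   # assumed name

        if ($bad_ips) { return 404; }
        if ($no_ua)   { return 403; }

        # At most 100 concurrent connections per client address.
        limit_conn conn_zone 100;

        location / {
            # Without burst, every request above 10r/s is rejected at once.
            # burst=20 (assumed) tolerates short spikes; nodelay serves them
            # immediately instead of queueing them.
            limit_req zone=req_zone burst=20 nodelay;
        }
    }
}
```

Check the file with nginx -t before reloading. If a CDN or other proxy sits in front of Nginx, $binary_remote_addr is the proxy's address, so the real client address has to be restored (for example with the realip module) before these per-IP limits mean anything.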
If there is still no relief, further measures may be considered, such as:
1. Enable keepalive to increase the maximum number of connections per worker.
2. Enable the compression function to reduce transmission traffic and free up bandwidth.
3. Deploy CDN to distribute traffic to prevent overloading of origin servers.
4. Enable an anti-DDoS service, such as Alibaba Security.