Nginx
getpay, 2020-12-20 22:43:02

How to protect against HTTP flood on nginx form?

Hello! I ran into this problem:

142.93.89.190 - - [20/Dec/2020:21:47:39 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.80.211 - - [20/Dec/2020:21:47:39 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
138.68.250.33 - - [20/Dec/2020:21:47:39 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
104.248.71.3 - - [20/Dec/2020:21:47:39 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36"
142.93.24.130 - - [20/Dec/2020:21:47:39 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
104.248.73.68 - - [20/Dec/2020:21:47:39 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.106 Safari/537.36"
104.248.74.146 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) snap Chromium/80.0.3987.132 Chrome/80.0.3987.132 Safari/537.36"
104.248.74.179 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
142.93.85.215 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
104.248.66.127 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.85.27 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
104.248.64.182 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Safari/605.1.15"
104.248.66.200 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
142.93.93.199 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
138.197.213.233 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
142.93.86.139 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
142.93.21.185 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.75 Safari/537.36"
142.93.82.121 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Linux; Android 8.0.0; SAMSUNG SM-G930F) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/10.1 Chrome/71.0.3578.99 Mobile Safari/537.36"
104.248.73.101 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
180.125.102.41 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
142.93.82.159 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Linux; Android 9; SM-T510) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.119 Safari/537.36"
142.93.89.190 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.89.190 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.24.130 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.19.19 - - [20/Dec/2020:21:47:41 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Linux; Android 10; SM-G975F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.119 Mobile Safari/537.36"
138.68.62.36 - - [20/Dec/2020:21:47:41 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
159.89.121.92 - - [20/Dec/2020:21:47:41 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.89.190 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
104.248.184.65 - - [20/Dec/2020:21:47:41 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.89  Safari/537.36"
142.93.89.190 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.24.130 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.89.190 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.80.211 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.21.185 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 502 575 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.75 Safari/537.36"
138.68.250.33 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.89.190 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.86.139 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
142.93.93.199 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 502 575 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.80.211 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.85.215 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
138.197.213.233 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
142.93.85.215 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"


You can see that after a short time the nginx server is already responding with 502. How can I fix it?
The nginx config is the default.

2 answer(s)
ky0, 2020-12-21
@ky0

To begin with, block especially active subnets. Then, in a more relaxed environment, add captcha, optimize performance, configure fail2ban.
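
One way to find the "especially active subnets" mentioned in the answer above, as an added example that is not part of the original thread. It groups requests for the flooded path by /24 and renders nginx `deny` lines; the sample log is constructed, and the function names, the /24 prefix and the hit threshold are assumptions.

```python
import ipaddress
import re
from collections import Counter

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" \d{3} ')

def _line(ip, method, path, status):
    # Builds one constructed line in the access-log format shown in the question.
    return (f'{ip} - - [20/Dec/2020:21:47:39 +0300] '
            f'"{method} {path} HTTP/1.1" {status} 33 "-" "UA"')

# Constructed sample; addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = "\n".join([
    _line("198.51.100.10", "GET", "/login/ajax", 200),
    _line("198.51.100.11", "GET", "/login/ajax", 200),
    _line("198.51.100.12", "POST", "/login/ajax", 200),
    _line("198.51.100.10", "POST", "/login/ajax", 502),
    _line("203.0.113.5", "GET", "/login/ajax", 200),
    _line("203.0.113.9", "POST", "/login/ajax", 200),
    _line("192.0.2.77", "GET", "/index.html", 200),
    _line("192.0.2.77", "GET", "/login/ajax", 200),
])

def active_subnets(log_text, path="/login/ajax", prefix=24, min_hits=3):
    """Return [(subnet, hits, distinct_ips)] for IPv4 subnets with >= min_hits
    requests to `path`, busiest first."""
    hits, sources = Counter(), {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(3).split("?")[0] != path:
            continue
        try:
            ip = ipaddress.IPv4Address(m.group(1))
        except ValueError:
            continue  # IPv6 address or hostname: outside this IPv4-only sketch
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        hits[net] += 1
        sources.setdefault(net, set()).add(ip)
    return [(str(n), c, len(sources[n]))
            for n, c in hits.most_common() if c >= min_hits]

def deny_rules(subnets):
    """Render the subnets as nginx `deny` directives (ngx_http_access_module)."""
    return [f"deny {net};" for net, _hits, _ips in subnets]

if __name__ == "__main__":
    for rule in deny_rules(active_subnets(SAMPLE_LOG)):
        print(rule)
```

The distinct-IP count helps separate a subnet full of different clients from a single noisy address before a whole /24 is denied.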

Konstantin, 2021-02-18
@webmaster

I have a similar situation right now. I set up IP blocking via fail2ban.
Purpose: blocking repeated POST /auth/login requests.
If a request is repeated from the same IP 2 times per minute, it is blocked for 1 day.
If this repeats 2 times within 2 days (i.e. after being unbanned, it is banned again on the second day), then the ban is for 7 days.
Added to /etc/fail2ban/jail.local:

[site-http]
port = http,https
action = iptables-multiport[name=CMSBLOCK, port="http,https", protocol=tcp]
filter = site-http
logpath = /var/log/apache2/site.ru_access.log
findtime = 60
bantime = 86400
maxretry = 2

86400 is 1 day in seconds
Created a file /etc/fail2ban/filter.d/site-http.conf with the content:
[Definition]
# POST /auth/login
failregex = ^<HOST> .*POST.*/auth/login.*

In /etc/fail2ban/jail.d/defaults-debian.conf added
[site-http]
enabled = true

To configure the ban for repeat offenders:
In /etc/fail2ban/jail.local change
[recidive]
enabled = true
logpath  = /var/log/fail2ban.log
banaction = %(banaction_allports)s
bantime  = 604800  ; 604800 = 7 days
findtime = 172800   ; 172800 = 2 days
maxretry = 2
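
A dry run of the `[site-http]` jail above over sample log lines, as an added example that is not part of the original answer. It is a simplified model of fail2ban's `findtime`/`maxretry` counting, not fail2ban's own code; the `<HOST>` stand-in, the function names and the log lines are assumptions and constructed data.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# fail2ban substitutes <HOST> itself; an IPv4-only group stands in for it here.
FAILREGEX = re.compile(r"^<HOST> .*POST.*/auth/login.*".replace(
    "<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))
TS_RE = re.compile(r"\[([^\]]+)\]")
FINDTIME, MAXRETRY = 60, 2  # findtime and maxretry from the [site-http] jail

def _line(ip, clock, method):
    # Builds one constructed access-log line for /auth/login.
    return (f'{ip} - - [18/Feb/2021:{clock} +0300] '
            f'"{method} /auth/login HTTP/1.1" 200 118 "-" "UA"')

# Constructed sample; addresses are from the RFC 5737 documentation ranges.
SAMPLE = [
    _line("192.0.2.10", "10:00:00", "POST"),
    _line("203.0.113.4", "10:00:01", "GET"),
    _line("203.0.113.4", "10:00:02", "GET"),
    _line("198.51.100.7", "10:00:05", "POST"),
    _line("192.0.2.10", "10:00:20", "POST"),    # 2nd POST within 60 s
    _line("192.0.2.10", "10:00:25", "POST"),
    _line("198.51.100.7", "10:02:00", "POST"),  # 115 s after its first POST
]

def simulate(lines):
    """Return {ip: ban time} for hosts with MAXRETRY matches inside FINDTIME."""
    recent, banned = defaultdict(deque), {}
    for line in lines:
        m, ts = FAILREGEX.match(line), TS_RE.search(line)
        if not m or not ts or m["host"] in banned:
            continue
        when = datetime.strptime(ts.group(1), "%d/%b/%Y:%H:%M:%S %z")
        window = recent[m["host"]]
        window.append(when)
        while (when - window[0]).total_seconds() > FINDTIME:
            window.popleft()  # forget matches older than findtime
        if len(window) >= MAXRETRY:
            banned[m["host"]] = when
    return banned

if __name__ == "__main__":
    for ip, when in simulate(SAMPLE).items():
        print(ip, "banned at", when.isoformat())
```

The filter matches every POST to /auth/login whatever its outcome, so with `maxretry = 2` a user who mistypes a password once and retries within a minute is banned too.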
