Answer the question
In order to leave comments, you need to log in
How to protect against http flood on nginx form?
Hello! I ran into this problem:
142.93.89.190 - - [20/Dec/2020:21:47:39 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.80.211 - - [20/Dec/2020:21:47:39 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
138.68.250.33 - - [20/Dec/2020:21:47:39 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
104.248.71.3 - - [20/Dec/2020:21:47:39 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36"
142.93.24.130 - - [20/Dec/2020:21:47:39 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
104.248.73.68 - - [20/Dec/2020:21:47:39 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.106 Safari/537.36"
104.248.74.146 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) snap Chromium/80.0.3987.132 Chrome/80.0.3987.132 Safari/537.36"
104.248.74.179 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
142.93.85.215 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
104.248.66.127 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.85.27 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
104.248.64.182 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Safari/605.1.15"
104.248.66.200 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
142.93.93.199 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
138.197.213.233 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
142.93.86.139 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
142.93.21.185 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.75 Safari/537.36"
142.93.82.121 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Linux; Android 8.0.0; SAMSUNG SM-G930F) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/10.1 Chrome/71.0.3578.99 Mobile Safari/537.36"
104.248.73.101 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
180.125.102.41 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
142.93.82.159 - - [20/Dec/2020:21:47:40 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Linux; Android 9; SM-T510) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.119 Safari/537.36"
142.93.89.190 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.89.190 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.24.130 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.19.19 - - [20/Dec/2020:21:47:41 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Linux; Android 10; SM-G975F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.119 Mobile Safari/537.36"
138.68.62.36 - - [20/Dec/2020:21:47:41 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
159.89.121.92 - - [20/Dec/2020:21:47:41 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.89.190 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
104.248.184.65 - - [20/Dec/2020:21:47:41 +0300] "GET /login/ajax HTTP/1.1" 200 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.89 Safari/537.36"
142.93.89.190 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.24.130 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.89.190 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.80.211 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.21.185 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 502 575 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.75 Safari/537.36"
138.68.250.33 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.89.190 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 200 118 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.86.139 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
142.93.93.199 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 502 575 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.80.211 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
142.93.85.215 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
138.197.213.233 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
142.93.85.215 - - [20/Dec/2020:21:47:41 +0300] "POST /login/ajax HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"
Answer the question
In order to leave comments, you need to log in
To begin with, block especially active subnets. Then, in a more relaxed environment, add captcha, optimize performance, configure fail2ban.
I have a similar situation right now. Set up ip blocking via fail2ban.
Purpose: blocking repeated requests POST /auth/login
If you repeat a request from the same ip 2 times per minute - blocking for 1 day.
In the case of a repeat in 2 days 2 times (i.e. after unlocking on the second day it is banned again), then the ban is already for 7 days.
Added to /etc/fail2ban/jail.local
[site-http]
port = http,https
action = iptables-multiport[name=CMSBLOCK, port="http,https", protocol=tcp]
filter = site-http
logpath = /var/log/apache2/site.ru_access.log
findtime = 60
bantime = 86400
maxretry = 2
[Definition]
# POST /auth/login
failregex = ^<HOST> .*POST.*/auth/login.*
[site-http]
enabled = true
[recidive]
enabled = true
logpath = /var/log/fail2ban.log
banaction = %(banaction_allports)s
bantime = 604800 ; 604800 = 7 days
findtime = 172800 ; 172800 = 2 day
maxretry = 2
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question