Answer the question
In order to leave comments, you need to log in
P
P
para_noir_in_my_box2020-02-19 09:49:16
para_noir_in_my_box, 2020-02-19 09:49:16
How to set up DDoS protection for NGINX or Apache?
Periodically, very strong delays are noticed on the server and access logs grow from a large number of requests to a particular or several sites. We determine that this is a potential attack by the server's response 499 and by repeated frequent requests from the same IP.
The idea of protection is something like this: If the server responds with 499, then block this IP for 10-20 seconds.
What are the tools/settings to implement such blocking? Or maybe there are other ways and approaches?
3 answer(s)
@LostAlly
@firedragon
@jenki
A
Alexey Andreev, 2020-02-19 @LostAlly
With these attack detection parameters, I think fail2ban will suit you.
V
Vladimir Korotenko, 2020-02-19 @firedragon
If you have access to the application code, then it is better to create blacklists and quickly filter out requests already on the application.
fail2ban is a crutch for me.
S
Stanislav Bodrov, 2020-02-22 @jenki
The idea of protection is something like this: If the server responds with 499, then block this IP for 10-20 seconds.Stop pissing and cutting, fork out, find a competent specialist and a couple of competent specialists. Either get under protection (do not look at domestic defenders from attacks, one grief).
Similar questions
K
V
E
Y
T
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question