I have 4 webservers behind Cloudflare and a loadbalancer; nginx is the
web browser, and php-fpm manages the PHP pages. I don’t know how to block a
simple DoS attack …
I’m able to detect this attack by using the http_limit_req module from
but this does not block the attack at all; yes, it can mitigate, but the webservers
are hit and hit again, and php-fpm goes to 80% and in a minute the
website is unreachable.
I’m trying to find a way to block this kind of request.
I know how to block a certain IP address or a certain user agent with nginx,
but I want to do it automatically. I think that I cannot block the IP
with iptables because the requests come from the loadbalancer, but I’m
still able to detect the correct IP address with set_real_ip_from
and real_ip_header X-Forwarded-For in nginx.
I have the log file (error.log) filled with the correct IP address, as
you can see:
Does someone have an idea and can teach me how to block automatically this
Thanks in advance!
Posted at Nginx Forum:
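
One way to turn the error.log entries described in the post into an automatic block list, as an added example that is not part of the original post: it counts limit_req rejections per client and renders nginx `deny` directives, which act on the address restored by `real_ip_header` rather than on the load balancer's address. The log lines are constructed in nginx's standard limit_req message format; the threshold, the allowlist range and the function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Anchored at line start so text inside a logged request cannot spoof a match.
LIMIT_RE = re.compile(
    r'^\S+ \S+ \[\w+\] \d+#\d+: \*\d+ limiting requests, excess: [\d.]+ '
    r'by zone "[^"]+", client: ([0-9A-Fa-f.:]+),'
)

# Constructed sample lines using documentation addresses, not the poster's log.
_REJ = ('2024/05/01 10:00:0{s} [error] 1201#0: *90{s} limiting requests, '
        'excess: 5.312 by zone "php", client: {ip}, server: example.test, '
        'request: "GET /index.php HTTP/1.1", host: "example.test"')
SAMPLE_LOG = (
    [_REJ.format(s=s, ip="203.0.113.7") for s in (1, 2, 3)]
    + [_REJ.format(s=s, ip="192.0.2.10") for s in (4, 5, 6)]
    + [_REJ.format(s=7, ip="198.51.100.9"),
       '2024/05/01 10:00:08 [error] 1201#0: *908 upstream timed out (110: '
       'Connection timed out) while reading response header from upstream, '
       'client: 198.51.100.9, server: example.test'])


def offenders(lines, threshold=3, allow=()):
    """Return sorted client IPs rejected by limit_req at least `threshold` times."""
    allowed = [ipaddress.ip_network(n) for n in allow]
    hits = Counter()
    for line in lines:
        m = LIMIT_RE.match(line)
        if not m:
            continue  # not a limit_req rejection (e.g. an upstream error)
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # never copy an unparsable value into the config
        if any(ip in net for net in allowed):
            continue  # proxies, monitoring and other hosts that must stay reachable
        hits[str(ip)] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)


def render_deny(ips):
    """Build the body of an nginx include file made of `deny` directives."""
    return "".join(f"deny {ip};\n" for ip in ips)


if __name__ == "__main__":
    # 192.0.2.0/24 stands in for addresses that must never be denied.
    print(render_deny(offenders(SAMPLE_LOG, 3, allow=["192.0.2.0/24"])), end="")
```

The output is meant to be written to a file pulled in with `include` and followed by an nginx reload, so denied clients get a 403 before the request reaches php-fpm.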