Preventing DOS?

Hello -

I’m looking at ways to prevent / mitigate DOS attacks, hopefully at
the nginx level (using it as a reverse proxy). I see the limit zone
module - is this sufficient? What are some reasonable values for
max_clients_per_ip? Is there anything similar to apache’s mod_evasive
module? Or other suggested mechanisms?

Thanks!

On 3/1/08, Neil S. wrote:

> Hello -
>
> I’m looking at ways to prevent / mitigate DOS attacks, hopefully at
> the nginx level (using it as a reverse proxy). I see the limit zone
> module - is this sufficient? What are some reasonable values for
> max_clients_per_ip? Is there anything similar to apache’s mod_evasive
> module? Or other suggested mechanisms?
>
> Thanks!

I wouldn’t think that layer 7 is a good place to attempt DOS
mitigation. If you have some high computation scripts that people
might try to overload your server by hitting repeatedly (service
overload), then maybe… but if you are talking about a ‘classic’
network based DOS, then probably not.

By that time, the system would effectively be inundated with enough
network connections to have problems with service anyway.

Thanks! Any suggestions on good tools to look at instead?