How to Prevent a DDoS Attack with Nginx – pcinfo

Distributed Denial of Service ("DDoS") attacks use abusive digital communication tactics to tie up a server's resources. This type of attack is the organized raid of the computer world: numerous small hostile actions combine into a threat large enough to stop even a seasoned server in its tracks. Worse, there are many ways to wage this kind of guerrilla web warfare against an unsuspecting server. Luckily, the server can be configured to fight back.

Nginx, a widely used server system for Unix machines, has enough built-in features to greatly limit the effects of DDoS attacks.

Here are some effective options for handling these threats on Nginx-powered servers:

Back up configuration files

Perform a quick backup before changing any settings in your server configuration.

[Image: Nginx Copy Config]

Once that is done, you are ready to go.

Traffic Checking

Watching traffic on the server can help optimize security and implement additional tactics. Nginx has a module built specifically for this.

Status Page Settings

Nginx generally comes with a module called "Stub Status" (http_stub_status_module) that allows you to easily integrate this kind of functionality into your server environment. First check that it is present using the following command:

[Image: Nginx finder module]

Or pipe the above into grep to find it faster.

[Image: Nginx Grep Module]

If your output matches the above, you are good to go; otherwise, you will need to reinstall or recompile your Nginx installation with the module included.

Setting up a viewable status page is simple, but you should restrict access to the minimum (your own machine) to keep it safe. Start by opening the server's default configuration file at "/etc/nginx/nginx.conf".

[Image: Nginx configuration file]

Open the file and add the following code to the "http directive" to activate the module, substituting your own information for "localhost", "/status_page" and "127.0.0.1".

Note: You need sudo permission to modify this file.

[Image: Nginx status code]

Now test the configuration:

[Image: Nginx test configuration]

If everything is OK, send a reload signal to the server.

[Image: Nginx Reload Server]

To access the status page, visit your server_name location followed by "/status_page" in a web browser or with a command-line tool such as curl. (The latter is useful if the browser cache does not update automatically.) Here is the curl command to access the page in the example.

[Image: Nginx curl status]

In the browser, the above looks like the following image.

[Image: Nginx browser status]

Access log check

If you see abnormal traffic when checking the status page configured above, we recommend that you check the server's access log. You can find it at "/var/log/nginx/access.log"; it lists the HTTP method used, the date/time of the access attempt, the user agent, and the page accessed.

[Image: Nginx Access Log]

Connection Limits

One of the simplest and most effective ways to try to prevent DDoS attacks is to limit the rate of incoming traffic.

Ideally, you limit access just enough to stop malicious bots from overwhelming the server at inhuman speeds, while maintaining reasonable speeds for human clients. In Nginx you can do this using the limit_req_zone and limit_req directives. The following code sets memory and rate limits for use in any location the server is configured to serve.

"Zone" specifies the name and size (in megabytes in this case) of the memory space where user requests are stored. "Rate" sets the total number of requests Nginx accepts every second (10 in this example). Think of this code as a rule, and the code that follows as the use of that rule:

The code above actually does a bit more than implement the limiting rule. It also adds a small queue of up to 20 requests to smooth out legitimate connections that arrive a bit faster than normal; exceeding both the rule and the queue results in a 503 error for the client. In nginx.conf, the two directives look like this:

[Image: Nginx Restriction Code]

Blacklist IP Address

If you can get hold of the IP address that is DDoSing your server, simply blacklist it and drop all connections originating from that IP address.

Add the following code to the server directive.

Blocking requests for specific files

If a DDoS attack targets a specific file on the server (for example, the WordPress xmlrpc.php file, a highly targeted file on most WordPress servers), block all requests to it. Add this code to your server directive:

You can restrict most DDoS attacks by following the procedure above. Check the Nginx documentation for additional security options that you can apply.
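
The settings described in the sections above, collected into one nginx.conf as an added example (this is not the article's original code). The zone name, zone size, per-client key and the blocked address 203.0.113.7 are assumed placeholder values; the rate of 10 requests per second, the queue of 20, "localhost", "/status_page" and "127.0.0.1" come from the text.

```nginx
# Added example, not the article's original code. Assumed values: zone name
# "one", zone size 10m, blocked address 203.0.113.7 (documentation range).
events {}

http {
    # The rule: track each client address in a shared memory zone and
    # accept 10 requests per second per address (the key is an assumption).
    limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;

    server {
        listen 80;
        server_name localhost;

        # Blacklist one address for the whole server. A location that has
        # its own allow/deny lines does not inherit this one.
        deny 203.0.113.7;

        location / {
            # Using the rule: queue up to 20 excess requests and reject
            # the rest. 503 is the default limit_req_status.
            limit_req zone=one burst=20;
        }

        # Refuse every request for one targeted file (403 response).
        location = /xmlrpc.php {
            deny all;
        }

        # Status page readable only from the local machine.
        location /status_page {
            stub_status;
            allow 127.0.0.1;
            deny all;
        }
    }
}
```

Run the configuration test with `nginx -t` before sending the reload signal.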
