Hi Grant

Glad you have it working now, so sorry I forgot to include the actual lines used in the host sites' config files, which are:

IN SITE CONF FILE:
-----------------------------
limit_conn addr 200;
limit_req zone=flood burst=200 nodelay;

IN NGINX CONF FILE:
-----------------------------
limit_req_zone $ratelimited zone=flood:50m rate=90r/s;
limit_conn_zone $ratelimited zone=addr:50m;

I have found this to work beautifully and accurately and not interrupt a true visitor, spider or bot in any way. Once someone starts hammering the site they get rate limited. I do not have a problem with available bandwidth, RAM or CPU and I run many sites, so I am only keeping out those that are really trying to hammer a site. Obviously if bandwidth, CPUs and RAM are limited you may want to tune down what I have, but the above simply allows everything to run smoothly every day on very busy web sites. This is on a server with 64GB RAM, 2 x 6-core CPUs and it literally idles along all day every day. Once every few days there is a big spike in the Nginx graphs on Munin when someone is hammering a site and being rate limited, often just an aggressive wp-login attack.

Hope that helps

KR
Mitchell

From: Grant <[email protected]>
Date: 11 September 2016 at 7:45:46 PM
To: Mitchell Krog Photography <[email protected]>
Cc: [email protected] <[email protected]>
Subject: Re: [Fail2ban-users] nginx-limit-req config

> You must test things like this thoroughly and monitor your logs extensively.
> Finding this sweet spot took me a matter of a dedicated few hours and then a
> few more days to make sure it was working 100%.

That's what I've just finished doing. :) The working config is (surprisingly) barely different from what I was using:

limit_req zone=lr_zone burst=2 nodelay;
limit_req_zone $binary_remote_addr zone=lr_zone:10m rate=1r/s;

Although I do have burst=5 in a couple of locations. I've been monitoring and I like what I see. Some real users get limited, but always because they got *really* tap-happy on their phone because they didn't want to wait for the page to load.

Do you use limit_conn_zone and limit_conn too?

> These rate rules below:
>
> limit_req_zone $ratelimited zone=flood:50m rate=90r/s;
> limit_conn_zone $ratelimited zone=addr:50m;

I don't follow your config. Do you have rates behind the $ratelimited variable that you don't want to post? I wouldn't blame you.

- Grant
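To make the two configs in this thread comparable, here is an added example (not from either poster) that models nginx's limit_req bucket in Python and replays Grant's rate=1r/s burst=2 nodelay zone against a "tap-happy" phone user and Mitchell's rate=90r/s burst=200 zone against a steady flood; the arrival timings are constructed, and the bookkeeping is a simplified reading of ngx_http_limit_req_module rather than nginx's own code.

```python
"""Constructed model of nginx limit_req accounting; added example, not from this thread."""
from typing import List, Optional


def limit_req(arrivals_ms: List[int], rate_rps: float, burst: int) -> List[str]:
    """Return 'ok' or 'reject' for each request from one client key.

    Models ngx_http_limit_req_module's leaky bucket as understood by the
    author of this example (not nginx source): excess is kept in thousandths
    of a request, drains at rate_rps, grows by 1000 per accepted request, and
    a request is rejected (503) once excess would exceed burst*1000. With
    nodelay, accepted bursts are served immediately; a rejected request does
    not touch the bucket. The first request from a new key starts at excess 0.
    """
    rate = rate_rps * 1000.0  # drain rate in thousandths per second
    excess = 0.0
    last: Optional[int] = None
    decisions: List[str] = []
    for now in arrivals_ms:
        if last is None:  # new key: fresh bucket, always accepted
            last = now
            decisions.append("ok")
            continue
        elapsed = max(0, now - last)
        candidate = max(0.0, excess - rate * elapsed / 1000.0 + 1000.0)
        if candidate > burst * 1000:
            decisions.append("reject")
            continue
        excess, last = candidate, now
        decisions.append("ok")
    return decisions


def grant_tap_happy() -> List[str]:
    # Grant's zone (rate=1r/s burst=2 nodelay); constructed: four taps 100 ms apart
    return limit_req([0, 100, 200, 300], rate_rps=1, burst=2)


def grant_patient_visitor() -> List[str]:
    # Same zone; a visitor clicking once per second is never limited
    return limit_req([0, 1000, 2000, 3000], rate_rps=1, burst=2)


def mitchell_first_reject(req_per_sec: int) -> Optional[int]:
    """Index of the first 503 under Mitchell's rate=90r/s burst=200 when one
    key sends req_per_sec requests, evenly spaced, for 60 s (constructed)."""
    arrivals = list(range(0, 60_000, 1000 // req_per_sec))
    decisions = limit_req(arrivals, rate_rps=90, burst=200)
    return decisions.index("reject") if "reject" in decisions else None
```

Under this model the fourth tap within 300 ms is the one Grant's users trip over, while Mitchell's zone lets a 50 r/s client through indefinitely and only starts returning 503s to a 100 r/s client after about 2000 requests, which matches his description of catching only real hammering.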
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
