> I have a number of sites that are quite image heavy and employ a number of
> plugins so during my testing of rate limiting I actually kept finding myself
> being limited. This happened especially when working on a WordPress site in
> the backend and then testing it on the front end which normally involves
> refreshing just one page over and over until you get a CSS change or
> something the way you want it.
>
> So over a period of hours I arrived at the rates I have below which never
> block me out and allow me or anyone else to author away and test their
> WordPress site as much as they want without ever being limited. Same applies
> to multiple people perhaps viewing your site through a proxy / single IP.
>
> While my rates may seem high they work exceptionally well for WordPress
> sites and it does really block bad bots out immediately.
>
> I do have another level of blocking bots and referers in Nginx using a
> different rate limiting zone. That script you can use to rate limit specific
> bots and user agents, i.e. a search engine like Baidu / Yandex which you want
> to allow to index your sites but you don't want it to go crazy. You can
> check this script out here -
> https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker (been
> working on that for 4 months, built from the ground up and only released the
> first public version just a few days ago. You will see from the commits that
> it is updated almost daily)
>
> The rate limiting zones you and I have been discussing here are all included
> in that script.
>
> I also do a daily "grep -E 'limiting requests' /var/log/nginx/*.log" to keep
> a check on things and haven't had one true visitor blocked out yet, only the
> naughty ones.
Thanks Mitchell. With your config, how many pages is a bad bot typically
able to request before they get a 503? And how many 503s before they're
banned typically?

- Grant

------------------------------------------------------------------------------
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
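Added example, not from either poster in this thread: the daily grep check quoted above, extended to count nginx limit_req rejections per client and zone, so the number of rejected requests each address accumulated can be read off directly. The zone name "flood", the addresses and the log lines are constructed, and the parsing assumes nginx's stock error-log wording for rejected requests.

```shell
#!/usr/bin/env bash
# Summarise nginx limit_req rejections per client and zone.
# Reads error-log lines on stdin and prints "count max_excess zone client",
# busiest client first. Only "limiting requests" lines (rejections) are counted.
limit_req_summary() {
  LC_ALL=C awk '
    /limiting requests/ {
      client = ""; zone = "-"; excess = 0
      if (match($0, /client: [^,]+/))   client = substr($0, RSTART + 8, RLENGTH - 8)
      if (match($0, /by zone "[^"]*"/)) zone   = substr($0, RSTART + 9, RLENGTH - 10)
      if (match($0, /excess: [0-9.]+/)) excess = substr($0, RSTART + 8, RLENGTH - 8) + 0
      if (client == "") next            # line is not in the expected shape; skip it
      key = zone " " client
      count[key]++
      if (excess > max[key]) max[key] = excess
    }
    END { for (k in count) printf "%d %.3f %s\n", count[k], max[k], k }
  ' | LC_ALL=C sort -k1,1nr -k4,4
}

# Constructed sample input (documentation addresses, made-up zone name "flood").
sample_log() {
  cat <<'EOF'
2016/08/10 09:14:01 [error] 2211#0: *9001 limiting requests, excess: 20.400 by zone "flood", client: 203.0.113.7, server: example.com, request: "GET /wp-login.php HTTP/1.1", host: "example.com"
2016/08/10 09:14:01 [error] 2211#0: *9002 limiting requests, excess: 21.150 by zone "flood", client: 203.0.113.7, server: example.com, request: "GET /wp-login.php HTTP/1.1", host: "example.com"
2016/08/10 09:14:02 [error] 2211#0: *9003 limiting requests, excess: 20.900 by zone "flood", client: 203.0.113.7, server: example.com, request: "GET /xmlrpc.php HTTP/1.1", host: "example.com"
2016/08/10 09:20:44 [warn] 2211#0: *9100 delaying request, excess: 0.500, by zone "flood", client: 198.51.100.23, server: example.com, request: "GET / HTTP/1.1", host: "example.com"
2016/08/10 09:21:10 [error] 2211#0: *9101 limiting requests, excess: 20.050 by zone "flood", client: 198.51.100.23, server: example.com, request: "GET / HTTP/1.1", host: "example.com"
2016/08/10 09:30:00 [error] 2211#0: *9200 open() "/var/www/html/favicon.ico" failed (2: No such file or directory), client: 192.0.2.50, server: example.com, request: "GET /favicon.ico HTTP/1.1", host: "example.com"
EOF
}

# Demo on the constructed sample. Against real logs:
#   cat /var/log/nginx/*.log | limit_req_summary
sample_log | limit_req_summary
```

A client that appears here with a high count is one that kept requesting after being rejected; a real visitor who tripped the limit once shows up with a count of 1 or 2.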
