Nginx DDOS Protection by fail2ban

Posted By : Prakhar Budholiya | 15-Apr-2016

* First of all install fail2ban

# apt-get install fail2ban

 

* Now copy jail.conf to jail.local (fail2ban reads jail.local as the local override of jail.conf) and open the copy for editing.

# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
# vim /etc/fail2ban/jail.local

 

* Add the following lines at the end of the file; they define the ban time, find time, retry count and action for the new jail.

 

# Jail that bans clients nginx has already rejected under limit_req.
# Log lines are matched by the nginx-req-limit filter created below.
[nginx-req-limit]

enabled = true
# Name of the filter file: /etc/fail2ban/filter.d/nginx-req-limit.conf
filter = nginx-req-limit
# Ban the address on the http and https TCP ports with iptables;
# name= keeps this jail's rules separate from those of other jails.
action = iptables-multiport[name=ReqLimit, port="http,https", protocol=tcp]
# Glob: every nginx error log is watched. nginx only writes the
# "limiting requests" line if the error log level admits it
# (limit_req_log_level defaults to error) — check that first if no bans appear.
# NOTE(review): <HOST> is whatever nginx logged as "client:". If nginx sits
# behind a reverse proxy or CDN that is the proxy's address, and banning it
# cuts off every user behind it — confirm the deployment topology.
logpath = /var/log/nginx/*error.log
# seconds: window in which the retries are counted
findtime = 300
# seconds: how long the ban lasts
bantime = 3600
# number of matching log lines within findtime before the ban fires
maxretry = 3

save and exit

 

* Create a fail2ban filter that extracts the IPs to block from the nginx error log

# vim /etc/fail2ban/filter.d/nginx-req-limit.conf

[Definition]
# Matches the line nginx writes when limit_req rejects a request, e.g.
# (example, constructed):
#   limiting requests, excess: 0.560 by zone "one", client: 192.0.2.1, server: ...
# <HOST> is fail2ban's placeholder for the address to ban. The ".*" after
# "by zone" means rejections from every limit_req zone are matched, not only
# zone "one"; tighten it to the zone name if other zones must not trigger bans.
failregex = limiting requests, excess:.* by zone.*client: <HOST>

# Nothing is excluded from the matches above.
ignoreregex =

 

* Now apply the request limit in the nginx site configuration:

# vim /etc/nginx/sites-available/default

* Here reference the zone by name (it is declared in nginx.conf in the next step) and set the burst size:

   location / {
                
                limit_req zone=one burst=10;
              try_files $uri $uri/ /index.php;
           
        }

 

* Now declare the limit_req_zone and its rate in nginx.conf, next to the existing include/default_type lines:

# vim /etc/nginx/nginx.conf

        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        # Shared-memory zone "one" (1 MB of per-client state) keyed on the binary
        # client address, allowing one request per minute per address. Requests
        # beyond the location's burst are rejected and logged; fail2ban bans on
        # those log lines.
        # NOTE(review): 1r/m on the site root is very strict — a normal page load
        # with several sub-requests can exhaust burst=10 quickly; tune to real traffic.
        # NOTE(review): $binary_remote_addr is the TCP peer. Behind a proxy or CDN
        # every visitor shares that address, so the limit and the resulting fail2ban
        # ban would apply to all of them at once — confirm the topology first.
        limit_req_zone $binary_remote_addr zone=one:1m rate=1r/m;

save and exit

 

# service nginx restart

# service fail2ban restart

 

THANKS

About Author

Prakhar Budholiya

Prakhar is a linux administrator and well versed with linux and networking. he loves horse riding and is an athlete.
