Shulou(Shulou.com)06/01 Report--

This article is about how to configure Nginx to defend against cc attacks. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

Ddos attacks: distributed denial of service attacks are attacks that use a large number of broilers or fake IP to launch a large number of server requests and finally lead to server paralysis.

Cc attack: similar to ddos attack, but it is mainly characterized by a large number of page requests, so the traffic is small, but it can lead to page access.

Use the configuration of Nginx for simple defense against cc attacks

=

Mainly through nginx and lua to cooperate to achieve the purpose of defense.

1. Nginx compilation supports lua

-

1. Download lua-nginx-module

Wget https://github.com/openresty/lua-nginx-module/archive/master.zipunzip master.zip

two。 Compile

#. / configure\-user=nginx\-group=nginx\-prefix=/usr/local/gacp/nginx\-error-log-path=/data/logs/nginx/error/error.log\-http-log-path=/data/logs/nginx/access/access.log\-pid-path=/usr/local/gacp/nginx/conf/nginx.pid\-lock-path=/var/lock/nginx.lock\-with-http_flv_module\-with-http_stub_status_module \-with-http_ssl_module\-with-pcre\-with-http_realip_module\-with-http_gzip_static_module\-with-google_perftools_module\-with-file-aio\-add-module=../ngx_cache_purge-2.3\-add-module=../lua-nginx-module-master# make & & make install

II. Configuration

Http {. Limit_req_zone $cookie_token zone=session_limit:3m rate=1r/s;limit_req_zone $binary_remote_addr $uri zone=auth_limit:3m rate=1r/m;} server {listen 80 * serverSecretname localhost;access_log / data/logs/nginx/access/localhost.access.log main;error_log / data/logs/nginx/error/localhost.error.log;charset utf-8;client_max_body_size 75M * root / data/www;location / {limit_req zone=session_limit burst=5 Rewrite_by_lua 'local random = ngx.var.cookie_randomif (random = = nil) thenreturn ngx.redirect ("/ auth?url=".. Ngx.var.request_uri) endlocal token = ngx.md5 ("opencdn".. Ngx.var.remote_addr.. Random) if (ngx.var.cookie_token ~ = token) thenreturn ngx.redirect ("/ auth?url=".. Ngx.var.request_uri) end';} location / auth {limit_req zone=auth_limit burst=1;if ($arg_url = "") {return 403;} access_by_lua 'local random = math.random (9999) local token = ngx.md5 ("opencdn".. Ngx.var.remote_addr.. Random) if (ngx.var.cookie_token ~ = token) thenngx.header ["Set-Cookie"] = {"token=".. Token, "random=".. Random} return ngx.redirect (ngx.var.arg_url) end';}} Thank you for reading! This is the end of the article on "how to configure Nginx to defend against cc attacks". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.