cPnginx and Danginx can be used to protect against HTTP DDoS as follows:
Edit the file /etc/sysctl.conf and increase the open file limits. Add the following line:
fs.file-max = 700000
Edit /etc/security/limits.conf and add the following lines:
nobody soft nofile 100000
nobody hard nofile 500000
Now apply the sysctl configuration using the following command:
# sysctl -p
Now edit the /usr/local/nginx/conf/nginx.conf file and add the following line:
worker_rlimit_nofile 50000;
1) Add the following sysctl parameters:
net.ipv4.tcp_syncookies = 1
# source validation / reversed path
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
kernel.pid_max = 65536
net.ipv4.ip_local_port_range = 9000 65000
2) Use the RateLimit module, http://wiki.nginx.org/HttpLimitZoneModule. It must be placed inside the http block:
limit_zone slimits $binary_remote_addr 10m;
limit_conn slimits 10;
3) You can also use the following:
limit_req_zone $binary_remote_addr zone=slimitss:10m rate=1r/s;
limit_req zone=slimitss burst=10;
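To see what rate=1r/s with burst=10 does to a flooding client versus a well-behaved one, here is an added example (not part of the original post and not nginx code): a simplified model of the limit_req accounting. The class and function names are hypothetical, and the client IPs are constructed sample data.

```python
# Added example: simplified model of nginx limit_req accounting.
# Class and function names are hypothetical; client IPs are constructed samples.

class LimitReqZone:
    """Tracks per-key 'excess' in thousandths of a request, with times in ms."""

    def __init__(self, rate_per_sec=1, burst=10):
        self.rate = rate_per_sec * 1000   # rate=1r/s
        self.burst = burst * 1000         # burst=10
        self.state = {}                   # key -> (excess, last accepted time in ms)

    def check(self, key, now_ms):
        """Return (allowed, delay_ms) for one request from `key` at `now_ms`."""
        if key not in self.state:
            self.state[key] = (0, now_ms)
            return True, 0
        excess, last = self.state[key]
        # The bucket drains at `rate`; this request adds one full unit.
        excess = max(0, excess - self.rate * (now_ms - last) // 1000 + 1000)
        if excess > self.burst:
            return False, 0               # rejected; state is left untouched
        self.state[key] = (excess, now_ms)
        # Without "nodelay", an accepted request waits until it fits the rate.
        return True, excess * 1000 // self.rate


def replay(events, zone=None):
    """events: iterable of (time_ms, client_ip). Returns per-client counters."""
    zone = zone or LimitReqZone()
    stats = {}
    for now_ms, ip in sorted(events):
        allowed, delay = zone.check(ip, now_ms)
        s = stats.setdefault(ip, {"allowed": 0, "rejected": 0, "max_delay_ms": 0})
        s["allowed" if allowed else "rejected"] += 1
        s["max_delay_ms"] = max(s["max_delay_ms"], delay)
    return stats


# Constructed traffic: one client fires 30 requests in the same millisecond,
# another sends one request every 2 seconds.
SAMPLE = [(0, "203.0.113.7")] * 30 + [(t * 2000, "198.51.100.20") for t in range(10)]

if __name__ == "__main__":
    for ip, s in replay(SAMPLE).items():
        print(ip, s)
```

In this model the flooding client gets its first request plus the burst of 10 accepted (the last one queued for 10 seconds) and the rest rejected, while the client sending one request every 2 seconds is never delayed.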
Help:
root@servidor [/usr/local]# cat /usr/local/nginx/conf/nginx.conf
cat: /usr/local/nginx/conf/nginx.conf: No such file or directory
My server is a cPanel server
Does it really have an effect? Because I get sych attack. Thanks
To an extent only, software firewall schemes do prevent DDoS attacks, but deploying a hardware firewall is the best. We also have a DDoS Protection plan at http://syslint.com/DDOS-Proxy-Support