Nginx And DDOS Protection

cPnginx and Danginx can use  to protect the HTTP DDOS as follows,
Edit the file   /etc/sysctl.conf  and increase the openfile limits. Add the following line,

fs.file-max = 700000

Edit  /etc/security/limits.conf  and add the following  lines,

nobody       soft    nofile  100000
nobody       hard    nofile  500000

Now apply the sysctl configuration using the following command .

# sysctl -p

Now edit the  /usr/local/nginx/conf/nginx.conf  file  and add the following line.

worker_rlimit_nofile 50000;

1)  Add the following sysctl parameters,

net.ipv4.tcp_syncookies = 1
# source validation / reversed path
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
kernel.pid_max = 65536
net.ipv4.ip_local_port_range = 9000 65000

2) Use the  RateLimit module ,   It must be placed inside http block

limit_zone slimits $binary_remote_addr 10m;
limit_conn slimits 10;

3) You can also use the following too,

limit_req_zone $binary_remote_addr zone=slimitss:10m rate=1r/s;
limit_req zone=slimitss  burst=10;