added some DDoS protection referenced from https://easyengine.io/tutorials/nginx/fail2ban/ adding a new Fail2Ban filter dubbed nginx-req-limit

This commit is contained in:
ChiefGyk 2016-12-17 15:43:03 -05:00
parent b5af68a3a0
commit 1fb3434ff5
2 changed files with 22 additions and 0 deletions

View File

@ -0,0 +1,13 @@
# Fail2Ban configuration file
#
# supports: ngx_http_limit_req_module module
[Definition]
failregex = limiting requests, excess:.* by zone.*client: <HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

View File

@ -78,3 +78,12 @@ bantime = 3600
[ssh-ddos]
enabled = true
[nginx-req-limit]
enabled = true
filter = nginx-req-limit
action = iptables-multiport[name=ReqLimit, port="http,https", protocol=tcp]
logpath = /var/log/nginx/*error.log
findtime = 600
bantime = 7200