Websites may be scraped by competitors or hit by DDoS attacks, so you need an appropriate defence strategy.
1. Using Fail2ban
Fail2ban scans logs to decide whether to block an address with iptables, so it has little impact on the existing system and does not require reconfiguring nginx. But I don't know whether it can hold up if the traffic is too heavy.
First, add the following to /etc/fail2ban/jail.conf:

    [http-get-dos]
    enabled = true
    port = http,https
    filter = nginx-bansniffer
    logpath = /usr/local/nginx/logs/segmentfault.log
    maxretry = 120
    findtime = 120
    bantime = 3600
    action = iptables[name=HTTP, port=http, protocol=tcp]

Then create a new file, /etc/fail2ban/filter.d/nginx-bansniffer.conf, with content similar to this:

    [Definition]
    # Match any request line in the nginx access log; <HOST> captures the client IP
    failregex = <HOST> -.*- .*HTTP/1.* .* .*$
    ignoreregex =

Finally, restart the fail2ban service. With the configuration above, any IP that makes more than 120 requests within 120 seconds is blocked for 1 hour.
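
A way to dry-run the jail's thresholds against an access log before enabling it; this is an added example, not part of the original article. It assumes the default nginx combined log format, matches IPv4 only, and counts a ban once an IP reaches maxretry hits inside findtime; `would_ban` and `sample_log` are names made up here, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# The page's failregex, with fail2ban's <HOST> tag replaced by an IPv4 group.
FAILREGEX = re.compile(r"^(?P<host>\d{1,3}(?:\.\d{1,3}){3}) -.*- .*HTTP/1.* .* .*$")
TIMESTAMP = re.compile(r"\[([^\]]+)\]")  # nginx $time_local field
MAXRETRY, FINDTIME = 120, 120            # values from the jail above

def would_ban(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Map each IP to the time of the request that brings it to maxretry hits within findtime seconds."""
    recent, banned = defaultdict(deque), {}
    for line in lines:
        hit, stamp = FAILREGEX.match(line), TIMESTAMP.search(line)
        if not hit or not stamp or hit.group("host") in banned:
            continue  # unparsable line, or IP already counted as banned
        ts = datetime.strptime(stamp.group(1), "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[hit.group("host")]
        hits.append(ts)
        while (ts - hits[0]).total_seconds() > findtime:
            hits.popleft()  # drop requests that fell out of the window
        if len(hits) >= maxretry:
            banned[hit.group("host")] = ts
    return banned

def sample_log():
    """Constructed access log: one fast client (2 req/s) and one ordinary client (1 req per 2 s)."""
    start = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    events = [(start + timedelta(seconds=n * 0.5), "203.0.113.7") for n in range(150)]
    events += [(start + timedelta(seconds=n * 2), "198.51.100.20") for n in range(150)]
    row = '{ip} - - [{ts}] "GET /q/{n} HTTP/1.1" 200 512 "-" "constructed-agent"'
    return [row.format(ip=ip, ts=ts.strftime("%d/%b/%Y:%H:%M:%S %z"), n=n)
            for n, (ts, ip) in enumerate(sorted(events))]

if __name__ == "__main__":
    for ip, when in would_ban(sample_log()).items():
        print(f"{ip} would be banned at {when.isoformat()}")
```

Passing a lower maxretry to would_ban shows how quickly an ordinary client starts to trip the jail, which is the false-positive check to make before tightening the values.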
2. ngx_lua_waf script: https://github.com/loveshell/ngx_lua_waf
Nginx needs to be reinstalled to support the ngx_lua module.
Deployment guides:
http://www.ttlsa.com/nginx/nginx-modules-ngx_lua/
http://blog.slogra.com/post-497.html