Portal Home > Knowledgebase > Articles Database > Limit using nginx to keep ssh reachable on attack
Limit using nginx to keep ssh reachable on attack
| Posted by hostyourdream, 12-04-2011, 04:30 PM |
| Hello
How can i limit using Nginx if i get an attack to keep my server reachable?
Sometimes if i get a small attack i can't use even ssh on my server
Can nginx help on this?
Thank you
|
| Posted by Patrick, 12-04-2011, 06:10 PM |
| Depends. Are they flooding your website with traffic or flooding the server?
|
| Posted by hostyourdream, 12-04-2011, 08:10 PM |
| What can i do in case one and what in case two?
|
| Posted by hostyourdream, 12-05-2011, 07:54 PM |
| I think that they hit just index.php
|
| Posted by leckley, 12-05-2011, 07:59 PM |
| Nginx has the ability to only allow x connections per source IP address. Enable it in your config and set it so something like 5 - you need to be careful if you have an image heavy site as it could possibly cause issues with paralleled downloads.
If you are getting a DDOS, then you are helpless. If the attack is big enough to block access to your server then it would have to be quite large or be pushing a ton of packets at the machine at which case its probably causing a lot more issues than with just your server.
KVMoIP as long as its on a network not effected by the DDOS should allow you to access your server assuming the server is not overloaded trying to deal with the incoming packets from the DDOS.
|
| Posted by hostyourdream, 12-06-2011, 12:03 AM |
| If i enable this for how many connections nginx will be able to keep wait without any problem/overload for the server?
Thank you
|
| Posted by techstubble, 12-06-2011, 12:22 AM |
| Rather than doing this in nginx, you'd be better off configuring some rate limiting in iptables. It will be less resource intensive to block at the firewall layer which could make a difference between your server weathering the attack or becoming unresponsive during a severe DoS attack
-Tech Stubble
|
| Posted by mikeA52, 12-06-2011, 01:19 AM |
| In most cases that I have seen... During an HTTP flood, you should be able to access SSH. I could be wrong, but from what you have stated it sounds to me that it is probably something else like a UDP flood. Without more information about what is happening to your server, it is hard to say if nginx will solve your issue.
|
| Posted by hostyourdream, 12-06-2011, 02:30 PM |
| How can i find out if it is a UDP attack?
Any ssh command?
|
| Posted by techstubble, 12-06-2011, 05:17 PM |
| There is a package called "iptraf" in Linux, "trafshow" in other OS's that you can run when you suspect an attack is happening. It will give you a real time view of what is happening on the network interface (src ip's, packets being transferred, protocols, ports..etc). There are other tools as well such as "netstat" and "tcpdump" that can provide the same info but "iptraf" auto-updates in real time making it easy to see what's happening across the board.
-Tech Stubble
|
| Posted by hostyourdream, 12-07-2011, 02:06 AM |
| Ok thank you
|
Add to Favourites 
Print this Article
Also Read
