{"id":6012,"date":"2015-04-08T13:12:27","date_gmt":"2015-04-08T05:12:27","guid":{"rendered":"https:\/\/webhostinggeeks.com\/howto\/?p=6012"},"modified":"2023-04-28T09:47:15","modified_gmt":"2023-04-28T09:47:15","slug":"nginx-ddos-attack-tutorial","status":"publish","type":"post","link":"https:\/\/webhostinggeeks.com\/howto\/nginx-ddos-attack-tutorial\/","title":{"rendered":"How to Implement Basic Protection Against DDoS Attacks for Nginx"},"content":{"rendered":"

Distributed Denial of Service (DDoS) attacks<\/a> can overwhelm a server’s resources, causing a website or application to become unresponsive or unavailable. Implementing basic protection against DDoS attacks is essential for maintaining server stability and performance.<\/p>\n

Here’s a step-by-step guide on implementing basic protection against DDoS attacks for Nginx.<\/p>\n

Step 1: Update and Secure Your Server<\/h2>\n

Ensure your server and software are up-to-date and properly secured. This includes installing the latest security patches, hardening SSH access, and configuring firewalls.<\/p>\n

\r\nsudo apt update && sudo apt upgrade -y\r\n<\/pre>\n
Step 2: Limit Request Rate<\/h2>\n
Limit the rate at which clients can send requests to your server. This can help mitigate DDoS attacks by slowing down the rate of incoming requests.<\/p>\n
Open your Nginx configuration file:<\/p>\n
\r\nsudo nano \/etc\/nginx\/nginx.conf\r\n<\/pre>\n
In the http block, add the following lines:<\/p>\n
\r\nlimit_req_zone $binary_remote_addr zone=one:10m rate=30r\/m;\r\n<\/pre>\n
This configuration creates a shared memory zone called “one” with a maximum size of 10 MB and allows 30 requests per minute from a single IP address.<\/p>\n
Next, open your Nginx server block configuration file:<\/p>\n
\r\nsudo nano \/etc\/nginx\/sites-available\/default\r\n<\/pre>\n
Inside the server block, add the following lines within the appropriate location block:<\/p>\n
\r\nlimit_req zone=one burst=30 nodelay;\r\n<\/pre>\n
This configuration allows for a burst of 30 requests, which are processed without delay.<\/p>\n
Save the file and restart Nginx:<\/p>\n
\r\nsudo systemctl restart nginx\r\n<\/pre>\n
Step 3: Limit Connections<\/h2>\n
Limit the number of connections from a single IP address to prevent a single client from consuming too many resources.<\/p>\n
In the http block of the Nginx configuration file, add the following lines:<\/p>\n
\r\nlimit_conn_zone $binary_remote_addr zone=addr:10m;\r\n<\/pre>\n
This configuration creates a shared memory zone called “addr” with a maximum size of 10 MB to store connection information.<\/p>\n
In the server block of the Nginx server block configuration file, add the following lines within the appropriate location block:<\/p>\n
\r\nlimit_conn addr 10;\r\n<\/pre>\n
This configuration limits the number of concurrent connections from a single IP address to 10.<\/p>\n
Save the file and restart Nginx:<\/p>\n
\r\nsudo systemctl restart nginx\r\n<\/pre>\n
Step 4: Enable Connection Timeouts<\/h2>\n
Set timeouts for connections to mitigate slow HTTP attacks.<\/p>\n
In the http block of the Nginx configuration file, add the following lines:<\/p>\n
\r\nclient_body_timeout 10;\r\nclient_header_timeout 10;\r\nkeepalive_timeout 5 5;\r\nsend_timeout 10;\r\n<\/pre>\n
These settings configure various timeouts for client connections, helping to mitigate slow HTTP attacks.<\/p>\n
Save the file and restart Nginx:<\/p>\n
\r\nsudo systemctl restart nginx\r\n<\/pre>\n
Commands Mentioned:<\/h2>\n