How to configure DDoS protection on an Ubuntu server with Nginx
Configuring DDoS Protection in Nginx on Ubuntu
To configure basic DDoS protection in Nginx on Ubuntu, follow these steps:
- Install Nginx:
sudo apt install nginx
- Limit the request rate:
sudo nano /etc/nginx/nginx.conf
Add the following lines in the
limit_req_zone $binary_remote_addr zone=one:10m rate=30r/m;
This will limit requests to 30 per minute from each IP address.
- Limit the number of connections:
Add this to the
limit_conn_zone $binary_remote_addr zone=addr:10m;
And add this to the
limit_conn addr 10;
This will limit each IP to 10 concurrent connections.
- Enable connection timeouts:
Add these lines to the
client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 5 5;
send_timeout 10;
This will close idle connections after 5 seconds.
- Denylist IP addresses:
To block specific IP addresses, add:
deny 18.104.22.168;
deny 22.214.171.124;
- Restart Nginx:
sudo systemctl restart nginx
These basic Nginx configuration options can help mitigate some DDoS attacks by limiting the rate of incoming requests, capping the number of concurrent connections per IP address, and timing out slow or idle connections. However, for strong protection against large DDoS attacks, a dedicated DDoS protection service is recommended.
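The steps above assembled into one minimal, self-contained configuration, as an added example that is not part of the original page. `limit_req_zone` only defines the zone, so the example also applies it with `limit_req`. The `burst` value, the 429 status codes, `server_name`, `root` and the 192.0.2.x addresses are assumptions chosen for illustration.

```nginx
# Added example: where each directive from the steps above belongs.
# Assumptions: server_name, root and the 192.0.2.x addresses are
# placeholders; burst and the 429 status codes are illustrative choices.
events {}

http {
    # Zones are declared once, in the http context. They only allocate
    # shared memory and set the rate; nothing is limited yet.
    limit_req_zone  $binary_remote_addr zone=one:10m  rate=30r/m;
    limit_conn_zone $binary_remote_addr zone=addr:10m;

    # Answer throttled clients with 429 instead of the default 503, so
    # rate limiting is distinguishable from real outages in the logs.
    limit_req_status  429;
    limit_conn_status 429;

    # Timeouts from the steps above (seconds).
    client_body_timeout   10;
    client_header_timeout 10;
    keepalive_timeout     5 5;
    send_timeout          10;

    server {
        listen 80;
        server_name example.com;   # placeholder
        root /var/www/html;

        # Denylist (constructed addresses from the documentation range).
        deny 192.0.2.10;
        deny 192.0.2.11;

        # Apply the connection zone: 10 concurrent connections per IP.
        limit_conn addr 10;

        location / {
            # Apply the request zone. At 30r/m nginx admits one request
            # every 2 seconds per IP; burst=20 with nodelay lets a page
            # and its assets load at once, then rejects the excess.
            limit_req zone=one burst=20 nodelay;
        }
    }
}
```

Run `sudo nginx -t` to validate the syntax before restarting, and watch the error log for `limiting requests` and `limiting connections` entries to confirm the limits are being enforced.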