Configuring Nginx to implement simple defense against cc attacks

DDoS attack: Distributed denial of service attack is an attack that uses a large number of broilers or forged IPs to initiate a large number of server requests, eventually causing the server to paralyze. CC attack: similar to DDoS attack, but its characteristic is that it mainly initiates a large number of page requests, so the traffic is not large, but it can cause the page to be inaccessible.

This article mainly introduces how to quickly and effectively defend against CC attacks under lua+Nginx. As for how to install Nginx, I won’t go into details. Without further ado, please take a look at the example. I hope it can help you.

Use Nginx configuration to simply defend against cc attacks
============================== =======================================

Mainly Through the cooperation of nginx and lua, the purpose of defense is achieved.

1. Nginx compilation supports lua
---------------------------------

1. Download lua-nginx-module

wget https://github.com/openresty/lua-nginx-module/archive/master.zip
unzip master.zip

2. Compile

#./configure \
--user=nginx \
--group=nginx \
--prefix=/usr/local/gacp/nginx \
--error-log-path=/data/logs/nginx/error/error.log \
--http-log-path=/data/logs/nginx/access/access.log \
--pid-path=/usr/local/gacp/nginx/conf/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--with-http_flv_module \
--with-http_stub_status_module \
--with-http_ssl_module \
--with-pcre \
--with-http_realip_module \
--with-http_gzip_static_module \
--with-google_perftools_module \
--with-file-aio \
--add-module=../ngx_cache_purge-2.3 \
--add-module=../lua-nginx-module-master

# make && make install

2. Configuration

http {
.....
limit_req_zone $cookie_token zone=session_limit:3m rate=1r/s;
limit_req_zone $binary_remote_addr $uri zone=auth_limit:3m rate=1r/m;


}

server {
listen 80;
server_name localhost;
access_log /data/logs/nginx/access/localhost.access.log main;
error_log /data/logs/nginx/error/localhost.error.log;
charset utf-8;
client_max_body_size 75M;
root /data/www;

location / {

limit_req zone=session_limit burst=5;

rewrite_by_lua '
local random = ngx.var.cookie_random
if(random == nil) then
return ngx.redirect("/auth?url=" .. ngx.var.request_uri)
end

local token = ngx.md5("opencdn" .. ngx.var.remote_addr .. random)
if(ngx.var.cookie_token ~= token) then
return ngx.redirect("/auth?url=" .. ngx.var.request_uri)
end
';
}

location /auth {
limit_req zone=auth_limit burst=1;

if ($arg_url = "") {
return 403;
}

access_by_lua '
local random = math.random(9999)
local token = ngx.md5("opencdn" .. ngx.var.remote_addr .. random)
if(ngx.var.cookie_token ~= token) then
ngx.header["Set-Cookie"] = {"token=" .. token, "random=" .. random}
return ngx.redirect(ngx.var.arg_url)
end
';

}
}

Isn’t it very simple?

Related recommendations:

Anti-cc attack PHP anti-CC attack implementation code

The above is the detailed content of Configuring Nginx to implement simple defense against cc attacks. For more information, please follow other related articles on the PHP Chinese website!