ddos - I found a piece of nginx anti-CC attack configuration on the Internet. Can anyone give a rough explanation?
http{
...
limit_req_zone $cookie_token zone=session_limit:3m rate=1r/s;
limit_req_zone $binary_remote_addr $uri zone=auth_limit:3m rate=1r/m;
}
location /{
limit_req zone=session_limit burst=5;
rewrite_by_lua '
local random = ngx.var.cookie_random
if (random == nil) then
return ngx.redirect("/auth?url=" .. ngx.var.request_uri)
end
local token = ngx.md5("opencdn" .. ngx.var.remote_addr .. random)
if (ngx.var.cookie_token ~= token) then
return ngx.redirect("/auth?url=".. ngx.var.request_uri)
end
';
}
location /auth {
limit_req zone=auth_limit burst=1;
if ($arg_url = "") {
return403;
}
access_by_lua '
local random = math.random(9999)
local token = ngx.md5("opencdn" .. ngx.var.remote_addr .. random)
if (ngx.var.cookie_token ~= token) then
ngx.header["Set-Cookie"] = {"token=" .. token, "random=" .. random}
return ngx.redirect(ngx.var.arg_url)
end
';
}The limit_req_zone $binary_remote_addr $uri zone=auth_limit:3m rate=1r/m; in the code is correct. Are you sure you want to add $uri? (Update limit_req_zone supports multiple variables, so $binary_remote_addr $uri is correct)
If I want to apply it to my nginx, what else should I do besides this code?
Attached is the original post address, I don’t know if it is the original post: http://www.92csz.com/30/1255....
