Friday, February 26, 2010

Anti-DDOS NGINX Server Configuration includes PHP config

Here is my NGINX configuration for DDOS Attacks to PHP and my lovely NGINX server:
nginx.conf
user www-data www-data;
worker_processes 10;

error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

access_log /var/log/nginx/access.log;

sendfile on;

#keepalive_timeout 0;
keepalive_timeout 5;
tcp_nodelay on;

gzip on;
limit_req_zone $binary_remote_addr zone=antiddosphp:10m rate=1r/s;
limit_req_zone $binary_remote_addr zone=antiddos:10m rate=10r/s;

include /etc/nginx/mustafat/*;

}
virtualhost.conf
server {
root /home/www-data/vpswatch.com;
listen 80;
server_name vpswatch.com;

access_log off;

location / {
index index.php index.html index.htm;
limit_req zone=antiddos burst=10;

}
location ~ \.php$ {
fastcgi_pass unix:/tmp/php-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_read_timeout 1800;
fastcgi_param SERVER_NAME $http_host;
fastcgi_ignore_client_abort on;
limit_req zone=antiddosphp burst=2;
}
}

1 comment:

Unknown said...

Great post!I agree with everything you said... please visit once at http://ddoscube.com/