Friday, February 26, 2010

Anti-DDOS NGINX Server Configuration includes PHP config

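Here is my NGINX configuration for mitigating DDoS attacks against PHP and my lovely NGINX server. It limits the request rate per client IP address, with a stricter limit for PHP requests: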
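# nginx configuration that rate-limits requests per client IP address in front
# of static files and PHP-FPM. The closing braces were missing from the post as
# published and are restored here; the server block is assumed to sit inside
# http {}.
user www-data www-data;
worker_processes 10;

error_log /var/log/nginx/error.log;
# NOTE(review): the pid file name is missing in the post as published; nginx
# needs a file path here, not a directory.
pid /var/run/;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    access_log /var/log/nginx/access.log;

    sendfile on;

    #keepalive_timeout 0;
    # Short keep-alive so idle clients do not hold connections open for long.
    keepalive_timeout 5;
    tcp_nodelay on;

    gzip on;

    # Two rate-limit zones keyed by the client address: 1 request/s for PHP,
    # 10 requests/s for everything else. Clients that share an address (NAT,
    # proxy) share one bucket, and if nginx runs behind a load balancer or CDN
    # every request carries the proxy's address unless the real client address
    # is restored first. A per-address limit does not cap the total load of a
    # flood spread over many addresses.
    limit_req_zone $binary_remote_addr zone=antiddosphp:10m rate=1r/s;
    limit_req_zone $binary_remote_addr zone=antiddos:10m rate=10r/s;

    # Loads every file in this directory into the http context.
    include /etc/nginx/mustafat/*;

    server {
        root /home/www-data/;
        listen 80;

        # NOTE(review): with access logging off for this server there is no
        # per-request record to identify sources or tune the limits during an
        # attack. Consider keeping it on, or logging to a separate file.
        access_log off;

        location / {
            index index.php index.html index.htm;
            # Requests above 10 r/s are delayed, up to 10 queued per address;
            # beyond that they are rejected (503 by default).
            limit_req zone=antiddos burst=10;
        }

        location ~ \.php$ {
            # Hand only scripts that exist on disk to PHP-FPM. Without this
            # check a URI that merely ends in .php is passed on, and with
            # PHP's cgi.fix_pathinfo enabled PHP may then execute a different
            # file than the one the URI names.
            try_files $uri =404;

            # NOTE(review): /tmp is world-writable; a socket in a directory
            # that only nginx and PHP-FPM can access is safer.
            fastcgi_pass unix:/tmp/php-fpm.sock;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

            # NOTE(review): a 1800 s read timeout combined with
            # fastcgi_ignore_client_abort on lets a request keep a PHP worker
            # busy long after the client has disconnected, so a flood of slow
            # requests can exhaust the PHP-FPM pool despite the rate limit.
            # Lower the timeout unless long-running scripts really need it.
            fastcgi_read_timeout 1800;

            # NOTE(review): $http_host is the client-supplied Host header. PHP
            # code that builds links or redirects from SERVER_NAME will trust
            # whatever the client sends. Prefer declaring server_name and
            # passing $server_name, or validate the host in the application.
            fastcgi_param SERVER_NAME $http_host;
            fastcgi_ignore_client_abort on;

            # Stricter limit for PHP: 1 r/s per address, 2 queued, then rejected.
            limit_req zone=antiddosphp burst=2;
        }
    }
}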
