zoukankan      html  css  js  c++  java

  • #优化:Nginx防御DDOS和CC攻击

    加载HTTP段

##
    #  基础配置
    ##
    keepalive_timeout    10;
    server_tokens off;
    types_hash_max_size  2048;
    ##
    # 主要配置
    ##
    sendfile     on;
    tcp_nopush   on;
    tcp_nodelay  on;
    open_file_cache            max=50000  inactive=20s; 
    open_file_cache_valid      30s; 
    open_file_cache_min_uses   2;
    open_file_cache_errors     on;
    reset_timedout_connection  on;
    client_body_timeout        10;
    send_timeout               2;
    ##
    # DDoS 和 CC 防御配置,主要是限制链接数,详细:http://nginx.org/en/docs/http/ngx_http_limit_conn_module.html
    ##
    client_body_buffer_size      128k;
    large_client_header_buffers  4 32k;
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    client_max_body_size 50m;

    limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
    limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=50r/s;
    limit_conn conn_limit_per_ip 20;
    limit_req zone=req_limit_per_ip burst=20;


完整的nginx配置文件
[root@panni ~]# cat /etc/nginx/nginx.conf 
user  nobody;
worker_processes  auto;

error_log  /var/log/nginx/error.log;
pid        /var/run/nginx.pid;
worker_rlimit_nofile 1024;


events {
    use epoll;
    worker_connections  1024;
    multi_accept on;

}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;
    
    ##
    # 基础配置
    ##
    keepalive_timeout    10;
    server_tokens off;
    types_hash_max_size  2048;
    ##
    # 主要配置
    ##
    sendfile     on;
    tcp_nopush   on;
    tcp_nodelay  on;
    open_file_cache            max=50000  inactive=20s; 
    open_file_cache_valid      30s; 
    open_file_cache_min_uses   2;
    open_file_cache_errors     on;
    reset_timedout_connection  on;
    client_body_timeout        10;
    send_timeout               2;
    ##
    # DDoS 和 CC 防御配置,主要是限制链接数,详细:http://nginx.org/en/docs/http/ngx_http_limit_conn_module.html
    ##
    client_body_buffer_size      128k;
    large_client_header_buffers  4 32k;
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    client_max_body_size 50m;

    limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
    limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=50r/s;
    limit_conn conn_limit_per_ip 20;
    limit_req zone=req_limit_per_ip burst=20;

    fastcgi_connect_timeout 300; #如果你不使用FastCGI,请用井号注释该段每一行
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 256k;

    gzip on; #如果你不使用GZip,请用井号注释该段每一行
    gzip_min_length  1k;
    gzip_buffers     4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types       text/plain application/javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
    gzip_vary off;
    gzip_proxied        expired no-cache no-store private auth;
    gzip_disable        "MSIE [1-6].";

    include /etc/nginx/conf.d/*.conf;
}
  • 相关阅读:
    Windows dll注入
    Android获取ROOT权限的通用方法
    Android odex,oat文件的反编译,回编译
    盘点那些适配Linux的国产常用软件
    Hook Java API以获得MD5加密前数据
    修改Android源码实现原生应用双开,应用多开
    让终端更好看--Ubuntu OhMyZsh配置指南
    (二) go语言设计模式-创建模式之抽象工厂模式(Abstract Factory)
    (一) go语言设计模式概述
    j2ee高级开发技术课程第十四周
  • 原文地址:https://www.cnblogs.com/doseoer/p/6985179.html
Copyright © 2011-2022 走看看