Nginx-Lua-Anti-DDoS

Bandwidth and CPU drain

Open BradPerbs opened this issue 4 years ago • 7 comments

Any tip to reduce the CPU and bandwidth usage?

I'm currently using 2x KVM VPS in round robin with 20 and 8 cores, but with a simple attack, I reach 700 Mbit on both and 100% CPU usage.

Maybe a mitigation system that bans the hosts in netflow could work?

If you have any suggestions, please let me know.

BradPerbs • Jun 09 '20 17:06

Any ideas on how to filter that 80%?

BradPerbs • Jul 15 '20 13:07

Use services that provide DDoS mitigation

hroost • Jul 15 '20 22:07

> Use services that provide DDoS mitigation

By "services" do you mean providers? Because in that case it will not work, since they mitigate only Layer 3/4 traffic, not Layer 7 legitimate HTTP traffic.

BradPerbs • Jul 15 '20 22:07

This is where things get complex, and I could solve it by allowing the script to take control of the server's built-in firewall. For Windows Server users this would be `netsh advfirewall`, and on Linux it would be `iptables -A INPUT -s 192.168.0.1 -j DROP`.

I have the ability with Nginx Lua to access os.execute in order to run such things through a command line or console, but I am looking at io.popen a bit more, since os.execute blocks threads and workers while they run and io.popen is non-blocking, so it will still allow other users' requests to finish and connect.

C0nw0nk • Jul 19 '20 14:07

> This is where things get complex, and I could solve it by allowing the script to take control of the server's built-in firewall. For Windows Server users this would be `netsh advfirewall`, and on Linux it would be `iptables -A INPUT -s 192.168.0.1 -j DROP`.
>
> I have the ability with Nginx Lua to access os.execute in order to run such things through a command line or console, but I am looking at io.popen a bit more, since os.execute blocks threads and workers while they run and io.popen is non-blocking, so it will still allow other users' requests to finish and connect.

Check this https://github.com/juce/lua-resty-shell

ti-bone • Aug 07 '22 01:08
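The firewall ban discussed in the comments above, as an added example that is not part of the thread or of the project's code. It assumes OpenResty with lua-resty-core, and it swaps os.execute/io.popen for `ngx.pipe` so the command is passed as an argument vector rather than a shell string; `is_ipv4` and `ban_ip` are hypothetical names.

```lua
-- Added example, not the project's code. Assumes OpenResty with
-- lua-resty-core, which provides the ngx.pipe module.
local ngx_pipe = require "ngx.pipe"

local _M = {}

-- Accept only a dotted-quad IPv4 address with every octet in 0..255.
-- Anything else (hostnames, CIDR, shell metacharacters) is rejected, so a
-- value taken from a client-controlled header can never reach the command.
function _M.is_ipv4(s)
    if type(s) ~= "string" then return false end
    local a, b, c, d =
        s:match("^(%d%d?%d?)%.(%d%d?%d?)%.(%d%d?%d?)%.(%d%d?%d?)$")
    if not a then return false end
    for _, octet in ipairs({a, b, c, d}) do
        if tonumber(octet) > 255 then return false end
    end
    return true
end

-- Append the DROP rule from the thread for one validated address.
-- Returns true on success, or nil plus an error string.
function _M.ban_ip(ip)
    if not _M.is_ipv4(ip) then
        return nil, "refusing to ban: not a valid IPv4 address"
    end
    -- A table argument is executed directly, without /bin/sh, so the
    -- address is never interpreted as shell syntax.
    local proc, err = ngx_pipe.spawn(
        {"iptables", "-A", "INPUT", "-s", ip, "-j", "DROP"})
    if not proc then
        return nil, "spawn failed: " .. tostring(err)
    end
    -- Only the wait timeout is changed: give iptables at most 2 seconds.
    proc:set_timeouts(nil, nil, nil, 2000)
    local ok, reason, status = proc:wait()
    if not ok then
        return nil, tostring(reason) .. " (" .. tostring(status) .. ")"
    end
    return true
end

return _M
```

Nginx workers normally run as an unprivileged user, so the spawned `iptables` also needs permission to change firewall rules; how that is granted is left to the deployment.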

Seems like a useless tool antiddos then..

On Mon, 13 Jul 2020 at 20:44 GiacomoDevIT @.***> wrote:

> You have to break 80% of the attack before it arrives at NGINX. If the attack arrives at nginx, the host will go offline due to high CPU usage.

AndreiG6 • Oct 11 '22 07:10

Hi, you can try third-party free DDOS/HTTP Flood defense with unlimited traffic Layer L3-4 defense www.freecdn.pw FreeCDN Accelerated Defense

wumingpc • Aug 25 '23 19:08