How to properly configure the nginx + apache + mod_fcgid combination to withstand dos attacks? He overlapped all Google, but did not find anything intelligible, tried a lot, but the server as it went from the apache benchmark continued to go.
1 answer
And you just went wrong to the question. Usually, a firewall is added to this bundle, which counts requests and blocks if they go too often. The classic solution is fail2ban .
The next etam is the use of load balancer and several servers behind it. Here you can start with the usual dns round robin or use ready-made solutions, for example, from Amazon , which, if necessary, will also raise additional nodes.
If this is not enough, then they are already using hardware solutions to cut off malicious traffic. But this is a completely different level and you hardly need them right now.
But if the server is on a weak machine, and DDoS comes from the same subnet (that is, the channel to the server is wide), then no Apache or nginx can handle it, not to mention php scripts and the server itself is difficult to resist.
KoVadim KoVadim
85.7k four 66 128
- Fail2ban costs, the machine is average in power. The problem is that I have no idea how to configure fail2ban and thank you so much for the link to Habr) - Heisenberg Varschik
|