WebFaction
Community site: login faq

I'm just going into this assuming we have no access to iptables rules as I know of no way to do it compartmentalized to users and their processes. If I'm wrong about that feel free to correct me.

So say a web site of mine is under attack from a certain region or country and I want to block an IP range, or I want to implement a filter to a server based on a large block list.

I know with Nginx (on my compiled server) I can use access rules to filter IPs or IP ranges with Deny and Allow. Isn't that not ideal though since the server is still sending a response? I was to believe that when blocking IPs from a server you want the connection to not be responded to at all which can help mitigate the effect of DDOS attacks, brute force attempts, etc.

What is the best way to filter incoming connection by IP, preferably with a way to completely drop the connection without a response?

asked 17 Oct '13, 23:44

HittingSmoke
4822230
accept rate: 8%

edited 17 Oct '13, 23:45


In the case of DDOS you can contact us and we will implement the required rules into iptables for you, or work with our upstream providers for lower level solutions. For other lesser abuse issues you would assign a rule within your webserver application to block the users IP. We have examples for Apache the same idea applies to nginx or any other webserver.

permanent link

answered 18 Oct '13, 02:16

johns
5.3k312
accept rate: 23%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×186
×9
×2

question asked: 17 Oct '13, 23:44

question was seen: 2,505 times

last updated: 18 Oct '13, 02:16

WEBFACTION
REACH US
SUPPORT
AFFILIATE PROGRAM
LEGAL
© COPYRIGHT 2003-2019 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM