My website received DDOS attacks (confirmed). I use Nginx as the reverse proxy server and have 3 WebApps (A,B,C) in the backend. The status is very strange. In DDOS status:
- Nginx cannot return backend (A and C) results and show 504, but can return backend B.
- Access A and C directly (without through Nginx), Okay (performance is normal).
I thought the connections were exhausted, but as #1 mentioned, the B content can be returned.
BTW: netstat -nat|grep ESTABLISHED|wc -l show more than 10,000.
Any ideas or suggestions?
