3

I require a TCP reverse proxy to protect my server's IP. I need something like this, which works fine: https://xhosts.uk/ddosprotection or https://www.hostsavor.com/proxies. I was wondering if I could use NGINX to achieve this, as NGINX is what I currently use as my DDoS protection.

Richard
  • How are you using NGINX as DDoS protection? You can limit rate per IP but DDoS is a whole different thing. If you're in a professional environment you need a provider to handle this for you. I'm not advertising a specific provider here, just search for DDoS protection. If it's just for your private/small business site: Are you actually under attack? Then contact your ISP for help. If not: Don't bother with it, this can be quite costly. You only need DDoS protection if high availability is crucial for your business and you're actually a potential target of large-scale DDoS. – Broco Mar 20 '18 at 11:41
  • The backend server is being used to host a game which is known to have particularly toxic players, many of whom have proper botnets. I've already got an nginx server set up as an HTTP reverse proxy with a fully configured firewall. My mate DDoSed it with my permission and it had no effect on either server, handling 60,000+ connections easily. He said he could use a lot more but I simply just rate-limit too much and nginx would ban the IPs - so yes it can be done :) Was wondering if I could use this same setup (since it works for me) but for TCP protection. – Richard Mar 21 '18 at 06:02
  • 60000 isn't that much and there are way more angles of attack, e.g. which connection type, what methods to use, DNS amplification etc. If it's really a productive environment you should at least consult a company in the DDOS prevention business, that consultation is money well spent. You obviously test your environment for this case which is great because many people don't really think about it but let a professional company look over your setup just so you can sleep well, is all I'm saying. – Broco Mar 21 '18 at 08:50

1 Answer

2

There are some ways to use Nginx for DoS protection (see Rate Limiting with NGINX and NGINX Plus or Mitigating DDoS Attacks with NGINX and NGINX Plus), but for real DDoS attacks - I emphasize the first D, which stands for "Distributed" - you need a little more than Nginx, especially on the network level.

However, I assume that the linked approaches already give you a good start into this issue.

Jens Bradler
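The distinction the answer draws around the first "D" can be shown with a small model. This is an added example, not part of the original answer and not NGINX code: it models a per-IP leaky bucket (rate plus burst, the idea behind per-IP request limiting), and the rate, burst, client counts and addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict


class PerIPLimiter:
    """Per-client leaky bucket (simplified model of rate + burst limiting)."""

    def __init__(self, rate, burst):
        self.rate = rate                  # requests drained per second
        self.burst = burst                # bucket capacity per client
        self.level = defaultdict(float)   # current fill per client IP
        self.last = {}                    # last arrival time per client IP

    def allow(self, ip, now):
        # Drain the bucket for the time elapsed since this client's last request.
        elapsed = now - self.last.get(ip, now)
        self.level[ip] = max(0.0, self.level[ip] - elapsed * self.rate)
        self.last[ip] = now
        if self.level[ip] + 1 > self.burst:
            return False                  # over the per-IP budget: reject
        self.level[ip] += 1
        return True


def simulate(sources, rps_each, seconds, rate=10, burst=20):
    """Return (admitted, rejected) when `sources` clients each send
    `rps_each` evenly spaced requests per second for `seconds` seconds."""
    limiter = PerIPLimiter(rate, burst)
    base = int(ipaddress.ip_address("10.0.0.0"))  # constructed client addresses
    ips = [str(ipaddress.ip_address(base + n)) for n in range(sources)]
    admitted = rejected = 0
    for tick in range(seconds * rps_each):
        now = tick / rps_each
        for ip in ips:
            if limiter.allow(ip, now):
                admitted += 1
            else:
                rejected += 1
    return admitted, rejected


if __name__ == "__main__":
    # One noisy client: almost everything is rejected at the proxy.
    print("single source :", simulate(sources=1, rps_each=1000, seconds=10))
    # Many clients, each under the per-IP rate: nothing is rejected,
    # so the full aggregate load still reaches the backend.
    print("distributed   :", simulate(sources=2000, rps_each=5, seconds=10))
```

In the second run every client stays under its own limit, so the limiter never fires; absorbing that aggregate load takes capacity upstream of the proxy, which is the answer's point about the network level.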