> On 01.11.2016 at 23:35, Cox, Eric S <eric....@kroger.com> wrote:
>
> Currently we track all access logs in real time via an in-house built log
> aggregation solution. Various algorithms are set up to detect said IPs, whether
> it be by hit rate, country, known types of attacks etc. These IPs are
> typically identified within a few mins and we reload the banned list every 60
> seconds. We just moved some services from apache where we were doing this
> without any noticeable performance impact. Have this working in nginx but was
> looking for general suggestions on how to optimize if at all possible.
Ah, if you already have the data pre-processed…
I’d move blocking to the host’s firewall, as suggested.
Long term, I want to do this (or at least be able to), too.
We (MSP) have a rather large number of firewalls and telling the network guys
"Block this IP at all of them" does not work (it would probably take them the
better part of the day).
They don’t believe in automation...
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
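
An added example, not code from either poster: one way to feed a periodically regenerated ban list into the host firewall, as the reply suggests, by emitting `ipset restore` input that swaps the live set atomically. Using ipset on a Linux host is an assumption (the thread names no firewall), and the set names, the allowlist and the sample entries are constructed.

```python
import ipaddress

# Constructed guard: a bad feed entry such as 0.0.0.0/0 must never reach the firewall.
MIN_PREFIX = {4: 8, 6: 16}

# Constructed sample ban list (documentation address ranges only).
SAMPLE = ["203.0.113.5", "203.0.113.4", "198.51.100.0/24  # scanner",
          "198.51.100.77", "0.0.0.0/0", "not-an-ip", "192.0.2.10", "2001:db8::1", ""]

def build_restore(lines, allow=(), set_base="banned", maxelem=65536):
    """Turn a ban list into `ipset restore` input; returns (script, rejected).

    Intended use (assumption): `ipset -exist restore < script`, with a rule such as
    `iptables -I INPUT -m set --match-set banned4 src -j DROP` installed once.
    """
    allow_nets = [ipaddress.ip_network(a, strict=False) for a in allow]
    nets, rejected = {4: [], 6: []}, []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "not an IP or CIDR"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append((entry, "prefix too broad"))
        elif any(a.version == net.version and a.overlaps(net) for a in allow_nets):
            rejected.append((entry, "overlaps allowlist"))
        else:
            nets[net.version].append(net)
    out = []
    for version, family in ((4, "inet"), (6, "inet6")):
        live, tmp = f"{set_base}{version}", f"{set_base}{version}_tmp"
        opts = f"hash:net family {family} maxelem {maxelem}"
        # Fill a temporary set, then swap: the live set is never empty or half loaded.
        out += [f"create {live} {opts}", f"create {tmp} {opts}", f"flush {tmp}"]
        out += [f"add {tmp} {n}" for n in ipaddress.collapse_addresses(nets[version])]
        out += [f"swap {tmp} {live}", f"destroy {tmp}"]
    return "\n".join(out) + "\n", rejected

if __name__ == "__main__":
    script, rejected = build_restore(SAMPLE, allow=("192.0.2.0/24",))
    print(script, rejected, sep="\n")
```

Because the packet filter only references the set by name, the 60-second reload becomes a set swap and needs no nginx reload.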