Hi Eric,
See my reply https://forum.nginx.org/read.php?2,270680,270757#msg-270757

We do a similar thing but keep a counter within nginx (lua_shared_dict FTW) and export this stuff via /badass location.

Although it's not realtime, we have a delay of 5 sec, which is enough for us.

cheers,

mex

Cox, Eric S Wrote:
-------------------------------------------------------
> Currently we track all access logs realtime via an in house built log
> aggregation solution. Various algorithms are set up to detect said IPs
> whether it be by hit rate, country, known types of attacks etc. These
> IPs are typically identified within a few mins and we reload to banned
> list every 60 seconds. We just moved some services from apache where
> we were doing this without any noticeable performance impact. Have this
> working in nginx but was looking for general suggestion on how to
> optimize if at all possible.
>

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,270680,270758#msg-270758

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx