Skip to content

Commit

Permalink
more strict rate limiting to make scanners less effective
Browse files Browse the repository at this point in the history
  • Loading branch information
@papko26
papko26 committed Nov 24, 2024
1 parent 278a4a8 commit 1d95e12
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions nginx/nginx.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ events {
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
limit_req_zone $binary_remote_addr zone=mylimit:10m rate=3r/s;
limit_req_zone $binary_remote_addr zone=mylimit:10m rate=1r/s;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
Expand Down Expand Up @@ -41,7 +41,7 @@ server {
ssl_certificate_key /etc/letsencrypt/live/waze.papko.org/privkey.pem;

location / {
limit_req zone=mylimit burst=10 nodelay;
limit_req zone=mylimit burst=3 nodelay;
proxy_pass http://gtw:5000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
Expand Down

0 comments on commit 1d95e12

Please sign in to comment.