github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-14 02:28:05 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update install_rate_limit_tpl.sh

Browse source
This commit is contained in:
myvesta 2020-05-10 00:48:36 +02:00 committed by GitHub
commit d898854061
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh
View file

@ -1,5 +1,13 @@
#!/bin/bash
# This installer will install hosting-firewall.tpl (nginx template) that will:
# + allow 1 http request per second per IP address (sent to your server, more precisely to your PHP-FPM)
# + allow 2 parallel http connections per IP address (sent to your PHP-FPM)
# + make burst (queue) for 7 additional http requests in the same second, but it will processed each request each second (so this will handle natural peaks that CMS can generate to itself)
# + if client fills allowed queue , additional requests will be denied
#
# Generally, this nginx template will prevent bad bots to run hundreds parallel http requests against your site, which will probably cause denial-of-service on your server
grepc=$(grep -c 'limit_conn_zone' /etc/nginx/nginx.conf)
if [ "$grepc" -eq 0 ]; then
sed -i 's|server_names_hash_bucket_size 512;|server_names_hash_bucket_size 512;\n limit_conn_zone $binary_remote_addr zone=addr:10m;\n limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;\n limit_conn_log_level error;\n limit_req_log_level error;\n limit_conn_status 429;\n limit_req_status 429;|g' /etc/nginx/nginx.conf