Filtering Hash DoS attacks with Nginx

This may all be old news by now, but it is still the approach I use, and it can serve as a reference.

The hash collision vulnerability disclosed a while back made a deep impression: it affected practically every web language, so nearly every website falls into that class. Whether you use PHP or Python you are affected to varying degrees, and PHP is the most obvious case simply because it has the most users. I won't describe the attack itself here; anyone interested can find the test script, and a single terminal is enough to hang a vulnerable PHP site.

All of our HTTP requests pass through an Nginx reverse proxy, which has the advantage that a lot of logic can be handled at the Nginx layer; the anti-Hash-DoS filter below relies on that architecture.

The principle is to filter POST requests by the number of parameters they carry. I use 300 as the limit; adjust it as you see fit. No normal HTTP form sends anywhere near that many parameters in a POST, so legitimate requests are not affected. Note that the script counts `&` separators, so it covers application/x-www-form-urlencoded bodies; a multipart/form-data body or the query string is not counted by it.

I previously wrote this as an Nginx C module on the same principle, but Nginx module development has its own complexity, and since my C is not that strong I rewrote it in Lua instead, which is more convenient and simpler.

# Depends on the ngx_lua module (lua-nginx-module)

OK, without further ado, here is the Nginx configuration:


```lua
-- post_limit.lua: reject POST requests that carry too many parameters
ngx.req.read_body()

local method = ngx.var.request_method

local max_count = 300 -- maximum number of POST parameters

if method == 'POST' then
    -- Note: get_body_data() returns nil when the body was spilled to a temp
    -- file (body larger than client_body_buffer_size); such requests are
    -- not counted, so keep client_body_buffer_size >= client_max_body_size.
    local data = ngx.req.get_body_data()

    if data ~= nil then
        local count = 0
        local i = 0

        while true do
            if count > max_count then
                -- ngx.redirect('/post-error')
                ngx.exit(ngx.HTTP_BAD_REQUEST)
            end

            -- find the next '&' separator; each one is another parameter
            i = string.find(data, '&', i + 1, true)
            if i == nil then break end

            count = count + 1
        end
    end
end
```


```nginx
>> cat nginx.conf

.....

server {

    # large enough that the body stays in memory and get_body_data() never returns nil
    client_body_buffer_size 20m;

    access_by_lua_file /opt/conf/nginx/lua/post_limit.lua;

.....
```

The rest of the Nginx configuration has been omitted.
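To sanity-check the threshold before deploying, here is an added reference model of the same decision logic in Python (it is not code from the original post; Python is used only because it is easy to run offline). It mirrors post_limit.lua: only POST is examined, a missing body (what `ngx.req.get_body_data()` returns as nil once the body spills to disk) is passed through uncounted, and the request is rejected once more than `max_count` `&` separators are seen. The `build_form_body` helper and its `k0`, `k1`, ... keys are constructed sample data, not anything from the page.

```python
"""Reference model of the post_limit.lua parameter-count check (added example)."""
from urllib.parse import urlencode

MAX_COUNT = 300  # same threshold as the Lua script


def count_separators(body: str) -> int:
    """Count '&' separators the way the Lua loop does (string.find on '&')."""
    return body.count("&")


def limit_post(method: str, body, max_count: int = MAX_COUNT) -> int:
    """Return the status the filter would produce: 400 to reject, 0 to pass through.

    Mirrors post_limit.lua:
      * only POST is examined;
      * a None body is skipped, just as the Lua script skips a nil body
        (get_body_data() returns nil when the body exceeded
        client_body_buffer_size and went to a temp file);
      * the request is rejected once more than max_count '&' are seen.
    """
    if method != "POST" or body is None:
        return 0
    if count_separators(body) > max_count:
        return 400
    return 0


def build_form_body(n_params: int) -> str:
    """Constructed sample: an application/x-www-form-urlencoded body with n_params distinct keys."""
    return urlencode([(f"k{i}", "v") for i in range(n_params)])


def build_multipart_body(n_params: int, boundary: str = "XXX") -> str:
    """Constructed sample: a multipart/form-data body with n_params fields and no '&' at all."""
    parts = [
        f"--{boundary}\r\nContent-Disposition: form-data; name=\"k{i}\"\r\n\r\nv\r\n"
        for i in range(n_params)
    ]
    return "".join(parts) + f"--{boundary}--\r\n"


if __name__ == "__main__":
    for n in (10, 301, 302):
        print(n, "form params ->", limit_post("POST", build_form_body(n)))
    print("multipart with 1000 fields ->", limit_post("POST", build_multipart_body(1000)))
    print("body spilled to disk (nil) ->", limit_post("POST", None))
```

The last two lines of the demo are the two ways a request slips past this filter: a multipart body contains no `&` so it is never counted, and a body larger than `client_body_buffer_size` is never seen by the Lua script at all. The first is why the check only covers urlencoded forms; the second is why the buffer size in the configuration above is set well above any body you accept.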

Tested with Nginx 1.0.x in front of a PHP backend; the configuration applies equally to HTTP applications written in other languages.

When you have time, upgrade the PHP version of your backend application; until a version upgrade is possible, this on its own is also enough.