On Wed, Sep 14, 2016 at 2:23 PM, c0nw0nk <nginx-fo...@forum.nginx.org> wrote:
> Yeah the reason it does not work behind CloudFlare is because the > limit_conn > and limit_req is blocking the CloudFlare server IP for making to many > requests. So that is why i am reciving the DOS output "503 service > unavailable" > Misconfiguration. > And I don't fancy building a whitelist of IP's since it would require > manually updating allot. The cloudflare server IP's would need excluding > from the $binary_remote_addr output. > Void argument. If you did your howework, you would have realized the list provided in the example is taken from CloudFlare's published IP address, which are also conveniently delivered as text format to ease the job of automatic grabbing. You'll have to choose if you want to fully automate the verification/update of those IP addresses or if you want to introduce manual check/action in the process. Currently i am using my first method and it works great. > It has been several times you have been stating that already. There is no point in asking for help if you won't listen to the answers. Glad with your resource-greedy unoptimized way? Fine. End of transmission. Others who are seeking for the best practices regarding combining limit_req, limit_rate dans the realip module will find all the information already available. Best of luck in your proceedings, --- *B. R.*
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx