Re: How to rate-limit jorgee malware scanner?

Mon, 24 Jul 2017 07:07:12 -0700 

Hi all,
Unfortunately, its impossible to use limit_req within the http location using a "if" statement like so: 

http {

limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

if ($http_user_agent ~* (Jorgee)) {

limit_req zone=one burst=5;

return 403;

}

}



As a workaround I use limit_req within a location to prevent my uwsgi 
app for being abused.


Cheers,
E

Le 2017-07-24 à 08:12, Zhang Chao a écrit :


Hi!


Nginx carries with the limit_req_module 
<http://nginx.org/en/docs/http/ngx_http_limit_req_module.html>. I 
think it is a good helper.





On 24 July 2017 at 20:10:05, Gary Sellani ([email protected] 
<mailto:[email protected]>) wrote:



I just detect the use agent and return 444, but every attempt to get 
a file will show up in your access.log.


https://www.buildersociety.com/threads/block-unwanted-bots-on-apache-nginx-constantly-updated.1898/


I get two or three jorgee "sessions" a day. They tend not to use the 
domain name but reference your server by IP, so there might be some 
better blocking scheme.


  Original Message
From: [email protected] <mailto:[email protected]>
Sent: July 24, 2017 3:14 AM
To: [email protected] <mailto:[email protected]>
Reply-to: [email protected] <mailto:[email protected]>
Subject: How to rate-limit jorgee malware scanner?

Hi,

The Jorgee malware scanner is creating a lot of activity on my site. I
would like to rate-limit its connections to nginx based on the
User-Agent, since blocking all IP addresses with iptables seems
impossible. Is their a quick way of doing this ?

Thank you in advance ,

E

--
Etienne Robillard
[email protected] <mailto:[email protected]>
http://www.isotopesoftware.ca/

_______________________________________________
nginx mailing list
[email protected] <mailto:[email protected]>
http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
[email protected] <mailto:[email protected]>
http://mailman.nginx.org/mailman/listinfo/nginx



_______________________________________________
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx


--
Etienne Robillard
[email protected]
http://www.isotopesoftware.ca/


_______________________________________________
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx





















					Reply via email to