Auto Added by WPeMatico
I am creating WebSocket server with rust and tokio and I want to prevent DDos attacks and spams.
So I thought of creating HashMap and inserting IP address for 1 hour which i suspect is trying to do spamming or DDos Attack but will this also ban other innocent users for 1 hour sharing same NAT network with attacker ?
If I ban IP address and port combination, will the attacker just use other port?
Go to Source
Author: voldimot
A Raspbery Pi running (arm-)Arch sits behind my router NAT. The RasPi has a static IP 192.168.1.6 and an nginx serving on port 8093. (The nginx is listening on port 80 for another webpage.)
The server_name is “pi.hole” and it is resolved correctly by the source machine to 192.168.1.6
The interface opens successfully in my browser at “http://192.168.1.6:8093”
A “404 Not Found” pops when opening “pi.hole”
Bellow are my /etc/nginx/nginx.conf
user http;
worker_processes auto;
worker_rlimit_nofile 10240;
events {
# Use epoll on Linux 2.6+
use epoll;
# Max number of simultaneous connections per worker process
worker_connections 2048;
# Accept all new connections at one time
multi_accept on;
}
http {
server_tokens off;
sendfile on;
tcp_nopush on;
tcp_nodelay off;
send_timeout 30;
keepalive_timeout 60;
keepalive_requests 200;
reset_timedout_connection on;
types_hash_max_size 2048;
server_names_hash_bucket_size 64;
include /etc/nginx/mime.types;
default_type text/html;
charset UTF-8;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_min_length 1000;
gzip_disable "msie6";
gzip_proxied any;
gzip_comp_level 5;
gzip_types
text/plain
text/css
application/json
application/x-javascript
text/xml
application/xml
application/xml+rss
text/javascript
application/javascript
application/octet-stream;
open_file_cache max=1000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
and /etc/nginx/conf.d/pihole.conf
# /etc/nginx/conf.d/pihole.conf
#
# https://github.com/pi-hole/pi-hole/wiki/Nginx-Configuration
#
server {
listen 192.168.1.6:8093 ;
root /srv/http/pihole;
server_name pi.hole;
autoindex off;
proxy_intercept_errors on;
error_page 404 /pihole/index.php;
index pihole/index.php index.php index.html index.htm;
location / {
expires max;
try_files $uri $uri/ /pihole/index.php?$args =404;
add_header X-Pi-hole "A black hole for Internet advertisements";
}
location ~ .php$ {
include fastcgi.conf;
fastcgi_intercept_errors on;
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
#fastcgi_param VIRTUAL_HOST "pi.hole";
#fastcgi_param SERVER_NAME $host;
fastcgi_param SERVER_NAME "pi.hole";
}
location /admin {
root /srv/http/pihole;
index index.php index.html index.htm;
add_header X-Pi-hole "The Pi-hole Web interface is working!";
add_header X-Frame-Options "DENY";
}
location ~ /.ttf {
add_header Access-Control-Allow-Origin "*";
}
location ~ /admin/. {
deny all;
}
location ~ /.ht {
deny all;
}
}
I tried adding the ip to the listener and playing with the fastcgi_param for the host name to no better end.
The user running nginx is the same for php-fpm and has ownership and read-write permissions and the root and down the tree.
What am I doing wrong?
Go to Source
Author: superAnnoyingUser