http-error-abuse #

Imagine someone keeps poking your website with requests that don't exist — hammering random URLs (lots of 404s), banging on stuff they're not allowed to see (lots of 403s), or spamming requests until your server starts coughing up 500 errors. That's abuse, and it wastes your server's time.

Source: our fork on GitHub

Directives

error_abuse #

syntax: error_abuse 1+ args;  ·  context: http, server, location

Requires persist. | ### error_abuse zone=name [status=code] [dry_run=on|off] [log_level=level] — context: http, server, location Switches a declared zone on for that location.

error_abuse_redis #

syntax: error_abuse_redis 1+ args;  ·  context: http

Add error_abuse_redis and set redis=on on a zone, and all servers sharing the same prefix and zone settings count together and share bans.

error_abuse_zone #

syntax: error_abuse_zone 1+ args;  ·  context: http

The shortest config that actually works is just: ## Synopsis (directives + defaults) ### error_abuse_zone zone=name:size [...] — context: http Declares a zone.

Example

load_module modules/ngx_http_error_abuse_module.so;

http {
    # Optional: share bans across servers (see the Redis section).
    error_abuse_redis host=127.0.0.1 port=6379 prefix=ea_ timeout=100ms;

    # Define a zone: a shared-memory area that holds the counters.
    error_abuse_zone zone=client_errors:10m
                     key=$binary_remote_addr
                     statuses=403,404,500-599
                     interval=300s
                     threshold=100
                     block=60m
                     inactive=1h
                     persist=/var/lib/nginx/error-abuse-client_errors.state
                     persist_interval=5s;

    # Handy log line so you can see what the module decided.
    log_format main '$remote_addr $request $status '
                    'error_abuse=$error_abuse_status '
                    'count=$error_abuse_count';

    server {
        location / {
            error_abuse zone=client_errors;   # turn it on here
        }
    }
}

↑ back to index