Hi,
I using nginx latest stable version on two servers, first one is with ddos protection and every request to my website first go to that server and that server working as nginx proxy for second server where I also have all rest (nginx, php, mysql...)...
Because somebody attack my website (layer 7 attack - only php script) I want to limit parallel requests to main php script and that is homepage and I do it with ngx_http_limit_req_module on second server because on that server I have php scripts and I do it on this way:
limit_req_zone $http_x_forwarded_for zone=two:10m rate=1r/s;
location ~ \.php$ {
limit_req zone=two burst=5;
}
and this working very good but in error log file I don`t have attacker IP, nginx always log first server ip (proxy server), why? How to fix this? Like you can see I using $http_x_forwarded and this working, server bloking attacker IP but logging wrong IP...
Sorry for bad english!
I using nginx latest stable version on two servers, first one is with ddos protection and every request to my website first go to that server and that server working as nginx proxy for second server where I also have all rest (nginx, php, mysql...)...
Because somebody attack my website (layer 7 attack - only php script) I want to limit parallel requests to main php script and that is homepage and I do it with ngx_http_limit_req_module on second server because on that server I have php scripts and I do it on this way:
limit_req_zone $http_x_forwarded_for zone=two:10m rate=1r/s;
location ~ \.php$ {
limit_req zone=two burst=5;
}
and this working very good but in error log file I don`t have attacker IP, nginx always log first server ip (proxy server), why? How to fix this? Like you can see I using $http_x_forwarded and this working, server bloking attacker IP but logging wrong IP...
Sorry for bad english!