Runbook

Mitigating DDoS Attacks with NGINX


Overview

This incident type covers mitigating Distributed Denial of Service (DDoS) attacks with NGINX, a popular web server. A DDoS attack overwhelms a server with a flood of traffic from multiple sources, resulting in a denial of service for legitimate users. Techniques for preventing such attacks include limiting the rate of requests, limiting the number of connections, blocking requests, and using caching to smooth traffic spikes. NGINX can be configured to implement these techniques and provide protection against DDoS attacks.

Parameters

Debug

Check if NGINX is running

Check the current configuration of NGINX

Check the access and error logs of NGINX

Check the network traffic to the server using the tcpdump command

Check the number of active connections to the server

Check the number of connections per IP address

Check the NGINX cache status

Check the NGINX configuration for rate limiting

Check the NGINX configuration for connection limiting

Repair

Configure NGINX to limit the rate of requests to the server, so that it can handle traffic spikes without being overwhelmed.

Limit the number of connections that can be opened by a single client IP address.

Close slow connections to free up server resources for legitimate users.
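The three repair steps above combined into one minimal configuration. This is an added example, not configuration from the original runbook; the zone names, rates, limits, timeouts, server name and document root are assumed starting values to tune against normal traffic.

```nginx
# Added example: all numeric values and names below are assumptions.
events {}

http {
    # Step 1: per-client request rate.
    # Keyed on the binary client address; the NGINX docs put a 1 MB zone
    # at about 16,000 64-byte states, so 10 MB tracks roughly 160,000 clients.
    limit_req_zone  $binary_remote_addr zone=req_per_ip:10m rate=30r/m;

    # Step 2: per-client concurrent connections, same key.
    limit_conn_zone $binary_remote_addr zone=conn_per_ip:10m;

    # Return 429 instead of the default 503 so limiter rejections can be
    # told apart from upstream failures in the access log.
    limit_req_status  429;
    limit_conn_status 429;

    # Rejections are written to the error log at this level (default: error).
    limit_req_log_level  warn;
    limit_conn_log_level warn;

    # Step 3: close slow connections.
    # Both timeouts default to 60s; shorter values release workers held
    # by clients that send headers or bodies very slowly.
    client_header_timeout 5s;
    client_body_timeout   5s;

    server {
        listen 80;
        server_name example.test;          # placeholder host name

        location / {
            # Allow short bursts of 10 requests without delay, reject the rest.
            limit_req  zone=req_per_ip burst=10 nodelay;
            # At most 10 simultaneous connections per client address.
            limit_conn conn_per_ip 10;
            root /usr/share/nginx/html;    # placeholder document root
        }
    }
}
```

Validate with `nginx -t` before reloading. If NGINX sits behind a load balancer or CDN, `$binary_remote_addr` is the proxy's address, so the limits apply to all clients together unless the real client address is restored first.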
