Question
Is it possible to do rate limiting to the droplet
- Posted on June 11, 2019
- FirewallCentOS
Asked by karthikkanthaswamy
Hi team,
I’m looking for a mechanism to block the IP addresses on an incremental time block upon too many request.
- If a user sends 7-10 HTTP Requests in a second the IP should be blocked from accessing my server for 10 mins, again if it violates it should be blocked for 15 mins, 20 mins and so on.
Rather than using an application in server level like Fail2Ban. Can we do it from digital ocean console ?
Regards Karthik. K
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Want to learn more? Join the DigitalOcean Community!
Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.
It’s not to directly block but incremental temporary block.
I’m new and not 100% familiar with what you’re looking for but I limit my ssh and a few other ports with the limit option in the firewall.
Example if I wanted to limit standard ssh I would do it like this:
sudo ufw limit ssh/tcp
or
sudo ufw limit 22/tcp
Both will limit port 22.
@karthikkanthaswamy
While this is not something that can be done through our control panel, it can be accomplished by using the built-in functionality of NGINX or using
mod_ratelimiton Apache.Apache https://httpd.apache.org/docs/2.4/mod/mod_ratelimit.html
NGINX http://nginx.org/en/docs/http/ngx_http_limit_req_module.html
Additionally, there are third-party services, such as CloudFlare, which can provide more advanced options.
https://www.cloudflare.com/rate-limiting/