By the time you get to UA, nginx has done a lot of work. You could 444 based on UA, then read that code in the log file with fail2ban or a clever script. That way you can block them at the firewall. It won't help immediately with the sequential number, but that really won't be a problem.
Original Message From: Grant Sent: Wednesday, December 14, 2016 2:15 PM To: nginx@nginx.org Reply To: nginx@nginx.org Subject: Re: limit_req per subnet? >> I rate limit them using the user-agent > > > Maybe this is the best solution, although of course it doesn't rate > limit real attackers. Is there a good method for monitoring which UAs > request pages above a certain rate so I can write a limit for them? Actually, is there a way to limit rate by UA on the fly? If so, can I do that and somehow avoid limiting multiple legitimate browsers with the same UA? - Grant _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
