Here is my config : http {
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; limit_conn_zone $binary_remote_addr zone=addr:10m; server { location /secured/ { auth_basic "secured area"; auth_basic_user_file conf/htpasswd; limit_req zone=one burst=5; limit_conn addr 1; } } My question is with the nginx auth module should i still need to protect that area from flooding / ddos or will the auth module denying access be enough. Would like to know how well the auth module processes and does compared to the limit_req or limit_conn module and if i should keep those in my configuration or remove them since the auth module could be already doing all the work. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275321,275321#msg-275321 _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx