Nginx DDoS protection with fail2ban (nginx limit_req + fail2ban iptables bans)

Posted By : Prakhar Budholiya | 15-Apr-2016

* First, install fail2ban:

# apt-get install fail2ban


* Copy jail.conf to jail.local and edit the local copy. fail2ban reads jail.local on top of jail.conf, so keeping your changes in jail.local means a package upgrade that replaces jail.conf does not wipe them:

# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
# vim /etc/fail2ban/jail.local


* Add the following jail section at the end of the file. The `[nginx-req-limit]` section header is required: it names the jail, and without it the keys would attach to whichever jail happens to be last in the file and silently reconfigure it. The keys set the find window, the ban time, the retry count and the ban action:



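[nginx-req-limit]
# Jail for clients that trip nginx's limit_req rate limiting.
# The section header is mandatory: without it these keys are appended to
# whatever jail is last in jail.local and reconfigure that jail instead.
enabled = true
# Filter file: /etc/fail2ban/filter.d/nginx-req-limit.conf
filter = nginx-req-limit
# Ban the address on both web ports with iptables; "name" only labels the chain.
action = iptables-multiport[name=ReqLimit, port="http,https", protocol=tcp]
# Glob over every nginx error log; nginx writes its "limiting requests" line there.
# NOTE(review): if nginx sits behind a reverse proxy or CDN, the logged client
# address is the proxy's and this jail would ban the proxy, not the attacker.
logpath = /var/log/nginx/*error.log
# Ban an address seen in maxretry matching lines within findtime seconds (5 min);
# the ban lasts bantime seconds (1 h).
findtime = 300
bantime = 3600
maxretry = 3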

save and exit


* Create the fail2ban filter that recognises nginx's rate-limit log lines and extracts the client IP to ban:

# vim /etc/fail2ban/filter.d/nginx-req-limit.conf

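[Definition]
# fail2ban reads failregex/ignoreregex from the [Definition] section; a filter
# file without this header is rejected when the jail starts.
# Matches nginx error-log lines of the form
#   ... limiting requests, excess: 0.123 by zone "one", client: 203.0.113.5, server: ...
# <HOST> is fail2ban's placeholder that captures the client address to ban.
# Check the expression against a real log before enabling the jail:
#   fail2ban-regex /var/log/nginx/error.log /etc/fail2ban/filter.d/nginx-req-limit.conf
failregex = limiting requests, excess:.* by zone.*client: <HOST>

# Nothing is whitelisted; add an expression here for lines that must never count.
ignoreregex =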


* Now apply a request limit in the nginx site configuration:

# vim /etc/nginx/sites-available/default

* Inside the location block, reference the zone by name (it must match the zone defined in nginx.conf in the next step) and set the burst size, i.e. how many requests above the rate are tolerated before nginx starts refusing them:

   location / {
                limit_req zone=one burst=10;
              try_files $uri $uri/ /index.php;


* Then define the limit_req_zone and its rate in the http {} context of nginx.conf (the zone name must match the one used in the location block):

# vim /etc/nginx/nginx.conf

        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        # Must be in the http {} context (next to these includes), not in a server block.
        # Keyed on $binary_remote_addr; a 1m shared zone holds roughly 16k addresses.
        # rate=1r/m allows one request per minute per IP, which is very strict for a
        # site whose pages load several assets each: legitimate visitors will exceed
        # burst=10 quickly, get 503s, and then be banned by fail2ban for an hour.
        # Tune the rate to observed traffic before relying on this.
        # NOTE(review): behind a proxy/CDN, $binary_remote_addr is the proxy's address;
        # use set_real_ip_from / real_ip_header so the real client is limited instead.
        limit_req_zone $binary_remote_addr zone=one:1m rate=1r/m;

save and exit, then run `nginx -t` to validate the configuration before restarting — a syntax error would otherwise take the server down on restart.


# service nginx restart

# service fail2ban restart



