How to Prevent DDoS attack on path /_next/static/...? Nginx? Middleware?
Unanswered
African Slender-snouted Crocodil… posted this in #help-forum
African Slender-snouted Crocodile (OP)
Please understand that English is my second language
Recently, there were bots attacking on my server's public folders and /_next/static/.. path to cause extra outbound traffic.
So I added request limit setting to my nginx.conf

limit_req_zone $binary_remote_addr zone=request_limit_per_ip:10m rate=200r/m;
location / {
    limit_req zone=request_limit_per_ip burst=50 nodelay;
}

The thing is, maybe because of the Next.js 14 structure, it seems there are so many requests for normal users too. (Loading chunks file thingy)
rate=200r/m will ban the normal user just with two clicks on my page.
Even rate=100r/s will ban the normal user. And I found that rate=200r/s is the appropriate value.
The thing is, 200r/s will not be able to prevent any DDoS attacks. It is meaningless.
What should I do in this case? It seems people on Google are only handling rate limit on /api not the /_next/static/..
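
Added example, not part of the original post and not nginx's own code: a simplified Python model of the leaky-bucket accounting behind `limit_req` with `nodelay`, run against the `rate` and `burst` values quoted above. The 40 requests per page load, the 10 ms spacing, the two-second gap between clicks and the 100 r/s automated client are constructed assumptions.

```python
# Added example: simplified model of nginx limit_req accounting (leaky bucket, nodelay).
# Request counts and timings are constructed, not measured on the poster's site.

def simulate(arrivals_ms, rate_per_sec, burst):
    """Return how many requests from one client IP are rejected.

    arrivals_ms: sorted arrival times in milliseconds.
    State is kept in thousandths of a request.
    """
    rate = int(rate_per_sec * 1000)      # thousandths drained per second
    limit = burst * 1000
    excess, last, rejected = 0, None, 0
    for now in arrivals_ms:
        if last is None:                 # first request: fresh state, always passes
            last = now
            continue
        elapsed = now - last
        candidate = max(excess - rate * elapsed // 1000 + 1000, 0)
        if candidate > limit:            # over burst: rejected, state not updated
            rejected += 1
            continue
        excess, last = candidate, now
    return rejected


def page_load(start_ms, requests=40, gap_ms=10):
    """One click: a constructed burst of chunk requests, gap_ms apart."""
    return [start_ms + i * gap_ms for i in range(requests)]


def two_clicks():
    """Normal user: two page loads two seconds apart."""
    return page_load(0) + page_load(2000)


def flood(seconds=60, per_second=100):
    """Constructed automated client: a steady stream for one minute."""
    return [i * 1000 // per_second for i in range(seconds * per_second)]


if __name__ == "__main__":
    for label, rate, burst in [("200r/m burst=50", 200 / 60, 50),
                               ("200r/m burst=200", 200 / 60, 200),
                               ("200r/s burst=50", 200, 50)]:
        print(label, "| user rejected:", simulate(two_clicks(), rate, burst),
              "| flood rejected:", simulate(flood(), rate, burst))
```

In this model `burst` decides whether a page load's spike of chunk requests gets through, while `rate` decides how much sustained traffic one IP can pull: raising `rate` to 200r/s rejects nothing from the steady client, whereas keeping 200r/m with a larger `burst` passes both clicks and still rejects most of the steady stream.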