liwsakilive
/ ddos.conf
Last active
August 13, 2019 08:07
— forked from mattia-beta/ddos.conf
IPtables DDoS Protection
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### 1: Drop invalid packets ### | |
| /sbin/iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP | |
| ### 2: Drop TCP packets that are new and are not SYN ### | |
| /sbin/iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP | |
| ### 3: Drop SYN packets with suspicious MSS value ### | |
| /sbin/iptables -t mangle -A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP | |
| ### 4: Block packets with bogus TCP flags ### |
liwsakilive
/ iptables-udp-flood.txt
Created
April 13, 2019 19:42
— forked from thoward/iptables-udp-flood.txt
Prevent UDP flood
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Outbound UDP Flood protection in a user defined chain. | |
| iptables -N udp-flood | |
| iptables -A OUTPUT -p udp -j udp-flood | |
| iptables -A udp-flood -p udp -m limit --limit 50/s -j RETURN | |
| iptables -A udp-flood -j LOG --log-level 4 --log-prefix 'UDP-flood attempt: ' | |
| iptables -A udp-flood -j DROP |
liwsakilive
/ nginx-magento.conf
Last active
July 24, 2018 06:55
— forked from peerapach/nginx-magento.conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| proxy_buffering on; | |
| proxy_cache_path /var/nginx/cache levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g; | |
| limit_req_zone $binary_remote_addr zone=five_per_second:10m rate=5r/s; | |
| limit_req_zone $binary_remote_addr zone=ten_per_one_minute:10m rate=10r/m; | |
| server { | |
| listen 80; | |
| server_name www.yourdomain.com; |
liwsakilive
/ nginx_domain.conf
Created
July 4, 2018 10:47
magento use nginx reverse proxy protection
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| proxy_cache_path /var/nginx/cache levels=1:2 keys_zone=STATIC:10m | |
| inactive=24h max_size=1g; | |
| limit_req_zone $binary_remote_addr zone=clientlimit:10m rate=5r/s; | |
| limit_conn_zone $binary_remote_addr zone=name:10m; | |
| server { | |
| listen 80; | |
| server_name _; | |
| set $do_not_cache "0"; | |
| set $bypass "0"; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Slightly modified version from https://raw.githubusercontent.com/Nyr/openvpn-install/master/openvpn-install.sh | |
| # Run with sudo ./openvpn-install.sh and not sudo sh ./openvpn-install.sh as read command has issues with external triggering of scripts | |
| # OpenVPN road warrior installer for Debian, Ubuntu and CentOS | |
| # This script will work on Debian, Ubuntu, CentOS and probably other distros | |
| # of the same families, although no support is offered for them. It isn't | |
| # bulletproof but it will probably work if you simply want to setup a VPN on | |
| # your Debian/Ubuntu/CentOS box. It has been designed to be as unobtrusive and | |
| # universal as possible. |
NewerOlder