DDoS attacks are a headache for any system administrator. At the same time, many companies cannot afford expensive commercial protection solutions like Arbor or Akamai. The good news is that there are affordable and effective methods that can be implemented in a couple of hours.
In this article, we will tell you how to use Nginx, Fail2Ban, Cloudflare, and rate-limiting to protect your server from DDoS attacks on your own.
⚙️ Nginx: the first line of defense
Nginx is not only a web server, but also a powerful traffic management tool. Using rate limiting, you can limit the number of requests from one IP.
Configuration example:
```nginx
http {
    # one shared zone (10 MB of state) keyed by client IP, 10 requests/second
    limit_req_zone $binary_remote_addr zone=ddos:10m rate=10r/s;

    server {
        location / {
            limit_req zone=ddos burst=20 nodelay;
            proxy_pass http://localhost:8080;
        }
    }
}
```
- rate=10r/s — 10 requests per second from one IP.
- burst=20 — a short burst of up to 20 extra requests is allowed; with nodelay they are served immediately instead of being queued, and anything beyond the burst gets a 503.
🛡️ Fail2Ban: blocking attackers
Fail2Ban parses logs and blocks IP addresses showing suspicious activity (many 403 or 404 responses, floods of POST requests, etc.).
Filter example /etc/fail2ban/filter.d/nginx-ddos.conf:
```ini
[Definition]
# <HOST> is replaced by Fail2Ban with its IP/hostname pattern;
# any GET or POST that ends in a 4xx status counts as one failure
failregex = ^<HOST> -.*"(GET|POST).*HTTP.*" 4\d{2}
ignoreregex =
```
Jail configuration /etc/fail2ban/jail.d/nginx-ddos.conf:
```ini
[nginx-ddos]
enabled = true
port = http,https
filter = nginx-ddos
logpath = /var/log/nginx/access.log
maxretry = 20
findtime = 60
bantime = 3600
```
⏳ An IP address that sends more than 20 bad requests per minute will be blocked for an hour.
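To see what the filter and jail settings above do before deploying them, here is an added Python example (not from the article and not Fail2Ban's own code) that replays the failregex and the maxretry/findtime window over constructed access-log lines; the non-space token substituted for `<HOST>` is a simplification of Fail2Ban's real host pattern.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Filter from the article; Fail2Ban expands <HOST> to its own host pattern,
# simplified here to a non-space token (IPv4/IPv6 literal or hostname).
FAILREGEX = r'^<HOST> -.*"(GET|POST).*HTTP.*" 4\d{2}'
FAIL_RE = re.compile(FAILREGEX.replace('<HOST>', r'(?P<host>\S+)'))
MAXRETRY = 20          # jail: maxretry = 20
FINDTIME = 60          # jail: findtime = 60 (seconds)
NGINX_TIME_FMT = '%d/%b/%Y:%H:%M:%S %z'   # nginx combined-format timestamp

def parse_line(line):
    """Return (host, timestamp) if the line matches the filter, else None."""
    m = FAIL_RE.match(line)
    if m is None:
        return None
    stamp = re.search(r'\[([^\]]+)\]', line).group(1)
    return m.group('host'), datetime.strptime(stamp, NGINX_TIME_FMT)

def bans_from_log(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Sliding-window count per host, as the jail does; returns hosts to ban."""
    hits, banned = defaultdict(deque), []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                      # 2xx/3xx lines never count
        host, ts = parsed
        window = hits[host]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()              # forget matches older than findtime
        if len(window) >= maxretry and host not in banned:
            banned.append(host)
    return banned

def make_line(host, minute, second, path, status):
    """Constructed nginx access-log line (sample data, not real traffic)."""
    ts = datetime(2023, 10, 10, 13, minute, second, tzinfo=timezone.utc)
    return (f'{host} - - [{ts.strftime(NGINX_TIME_FMT)}] '
            f'"GET {path} HTTP/1.1" {status} 162 "-" "curl/8.0"')

# 203.0.113.7: 25 x 404 in 25 s -> banned at the 20th hit.
# 198.51.100.5: mostly 200s, three 404s -> never banned.
# 192.0.2.9: 20 x 404 spread over ~5 min -> never 20 inside findtime, not banned.
SAMPLE_LOG = (
    [make_line('203.0.113.7', 55, s, '/wp-login.php', 404) for s in range(25)]
    + [make_line('198.51.100.5', 55, s, '/', 200 if s % 10 else 404) for s in range(25)]
    + [make_line('192.0.2.9', 50 + i // 4, 15 * (i % 4), '/x', 404) for i in range(20)]
)
```

Against a real log the same matching check is done by Fail2Ban's own tool: `fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/nginx-ddos.conf`.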
☁️ Cloudflare: Free DNS-level protection
Cloudflare offers basic DDoS protection for free:
- L3/L4 protection (UDP, SYN flood, etc.)
- Rate Limiting and Bot Management
- Challenge Pages (JS, CAPTCHA)
✅ Enable “Under Attack” mode to automatically check every request.
✅ Configure Rate Limiting via Cloudflare Dashboard.

🧠 Rate-limiting at the application level
If you don’t have Nginx or you use Python/Node.js, you can also limit requests at the code level.
Example for Express.js (Node.js) using the express-rate-limit middleware:
```javascript
const express = require("express");
const rateLimit = require("express-rate-limit");

const app = express();

// Allow at most 100 requests per client IP within a rolling one-minute window
const limiter = rateLimit({
  windowMs: 60 * 1000, // 1 minute
  max: 100 // no more than 100 requests per minute
});

app.use(limiter);
```
📋 Comparison table
| Tool | Level | Advantages | Drawbacks |
|---|---|---|---|
| Nginx | HTTP / Layer 7 | Fast, built-in | Requires fine tuning |
| Fail2Ban | OS / log analysis | Flexible, log-based | May not block everything |
| Cloudflare | DNS / Layer 3-4 | The free tier is good | Dependency on a third-party service |
| Express Rate Limit | Application | Suitable for APIs and microservices | Vulnerable to high traffic volumes |

💡 Useful tips
- Always limit POST requests – they are most often used in attacks.
- Logs are your eyes. Analyze access.log to detect anomalies.
- Use GeoIP if you are attacked from a specific region.
- Monitor the load in real time (htop, netstat, Grafana + Prometheus).
You don’t have to spend thousands of dollars on protection. Skillful use of Nginx, Fail2Ban and Cloudflare can repel most DDoS attacks. The main thing is not to ignore alarm signals and build multi-layered protection.
And remember: it is better to spend 2 hours setting up today than 12 hours restoring tomorrow.