
Security anti ddos without cloudflare

Discussion in 'System Administration' started by Kintaro, Nov 18, 2023.

  1. Kintaro

    Kintaro Member

    Hello,

    I can't change nameserver so I can't use the free anti ddos from cloudflare in one of the domains I manage.

    I'm getting flooded by Hong Kong traffic and some other countries? (I can't block Hong Kong traffic as some customers are from there).

    Do you have any suggestions?
    I found some solutions on github, have you tried some of them?


    example:
    https://github.com/simon987/ngx_http_js_challenge_module
    https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker
    https://github.com/Sanix-Darker/AntiDDOS-system
     
  2. eva2000

    eva2000 Administrator Staff Member

    Why can't you change nameservers?

    Probably would need Cloudflare. If you're using non Cloudflare Enterprise plans, for non-apex domains, you can use Cloudflare for SaaS https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/ to extend Cloudflare service/product coverage for a non-Cloudflare domain i.e. sub.domain.com, without changing nameservers on sub.domain.com. If you have Cloudflare Enterprise plan, you can also extend Cloudflare service/product coverage to apex domains i.e. domain.com not using Cloudflare nameservers. See what features each Cloudflare plan supports for Cloudflare for SaaS at https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/plans/.

    I use Cloudflare for SaaS myself to extend my Cloudflare service/product coverage to domains not using Cloudflare or Cloudflare's nameservers :D

    For instance, if I have a Cloudflare account with zone domain1.com using Cloudflare nameservers, I can use Cloudflare for SaaS to add a custom hostname for sub.domain2.com where it doesn't use Cloudflare nameservers but now sub.domain2.com can use my Cloudflare account's domain1.com zone's CDN/CACHE/WAF (if on paid plans) to cover sub.domain2.com :) For non-Enterprise Cloudflare for SaaS setup https://developers.cloudflare.com/c...ms/cloudflare-for-saas/start/getting-started/

    Unfortunately, apex domain Cloudflare for SaaS proxying i.e. domain2.com is Enterprise plan only https://developers.cloudflare.com/c...r-saas/start/advanced-settings/apex-proxying/
    So for Cloudflare free, pro, business plans you can do non-apex domain i.e. subdomain proxying of non-Cloudflare nameserver domains i.e. sub.domain2.com or www.domain2.com but not non-www domain2.com unless you have Cloudflare Enterprise plan. Cloudflare Enterprise plan apex Cloudflare for SaaS at https://developers.cloudflare.com/c.../start/advanced-settings/apex-proxying/setup/
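
The setup described in the post above, as an added example that is not part of the original thread and not Cloudflare's own code: it builds (without sending) the Cloudflare API request that registers sub.domain2.com as a custom hostname on the domain1.com zone, enforces the apex/Enterprise rule from the post, and produces the CNAME to create at the existing DNS provider. The zone ID, token, the `fallback.domain1.com` target and the helper names are placeholders chosen for illustration.

```python
import json
import urllib.request

API = "https://api.cloudflare.com/client/v4"


def is_apex(hostname, registrable_domain):
    """True for the bare domain (domain2.com), False for sub.domain2.com."""
    return hostname.rstrip(".").lower() == registrable_domain.rstrip(".").lower()


def custom_hostname_request(zone_id, token, hostname, registrable_domain, plan):
    """Build the POST that adds `hostname` as a custom hostname on the
    Cloudflare-managed zone `zone_id` (domain1.com in the post)."""
    host = hostname.rstrip(".").lower()
    reg = registrable_domain.rstrip(".").lower()
    if host != reg and not host.endswith("." + reg):
        raise ValueError(f"{host} is not under {reg}")
    # Rule from the post: apex proxying needs the Enterprise plan.
    if is_apex(host, reg) and plan.lower() != "enterprise":
        raise ValueError("apex proxying is Enterprise only; use www or another subdomain")
    # DV certificate with HTTP validation, so no change at the DNS provider
    # beyond the CNAME below is assumed.
    body = {"hostname": host, "ssl": {"method": "http", "type": "dv"}}
    return urllib.request.Request(
        f"{API}/zones/{zone_id}/custom_hostnames",
        data=json.dumps(body).encode(),
        method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
    )


def cname_record(hostname, target):
    """Record to create at the existing (non-Cloudflare) DNS provider."""
    return f"{hostname.rstrip('.')}. 300 IN CNAME {target.rstrip('.')}."


if __name__ == "__main__":
    # Constructed placeholder values; nothing is sent over the network.
    req = custom_hostname_request("ZONE_ID_PLACEHOLDER", "API_TOKEN_PLACEHOLDER",
                                  "sub.domain2.com", "domain2.com", "free")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    # fallback.domain1.com is a hypothetical CNAME target in the domain1.com zone.
    print(cname_record("sub.domain2.com", "fallback.domain1.com"))
    # urllib.request.urlopen(req) would submit the request with a real token.
```

Once the origin only needs to answer Cloudflare, restricting ports 80/443 on the server to Cloudflare's published IP ranges keeps the flood from bypassing the proxy by hitting the origin address directly.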

     
  3. brijendrasial

    brijendrasial Active Member

  4. eva2000

    eva2000 Administrator Staff Member

    Just remember, any DDOS mitigation solution that actually runs on the same server will be limited to how much load the same server can handle, as opposed to an offloaded solution like Cloudflare, where they have their own network of 310+ cities and Edge locations and 228 Terabytes per second capacity https://www.cloudflare.com/network/ :)
     
  5. rdan

    rdan Well-Known Member

  6. buik

    buik “The best traveler is one without a camera.”

    In addition, neither Cloudflare nor any DDOS solution is sacred either. I did experience that even Cloudflare is going to 0 route you after 1 million + devices at the same time, running your site and start messing around. You can set it up as best you can, but complete prevention is never possible.
     
  7. Kintaro

    Kintaro Member

    That particular provider is so cheap that it doesn't allow ns change :-(
    I forced my father in law to change provider and now I can change ns to cloudflare's. ;)