I have 2 website running on VPS. Their purpose is sharing music files and publishing news. Both of them use wordpress.
What I am trying is that I want to prevent little hackers from flooding the webserver and putting stress on the server to make it crash.
The problem is that after using limit_req_zone
and limit_req
my website became very slow. Browsing Wordpress control panel takes a long long time. I tried changing values but it didn't improve much. I guess the problem is Wordpress because it's the only script I am using on both front and back end.
Here is the last setting which seems to be more responsive than others :
limit_req_zone $binary_remote_addr zone=flood:5m rate=10r/m;
location ~ \.php$ {
limit_req zone=flood burst=100 nodelay;
}
What are the optimal values that should be used in my case (wp) ? I want the website have it's normal behavior, On the other hand stopping lifeless people from flooding.
Another question, Is it safe and enough to use limit_req
only on php files ?
1 Answers