We have lots of servers behind a proxy (nginx) and an IP. Users are reaching to their servers through proxy. We add their domain to proxy and route traffic to their servers.
The problem is sometimes we get DoS or DDoS attack directly to IP not to domains. Besides using fancy DDoS Mitigator, is there a solution to avoid DDoS to the related IP ?
Thanks in advance, Regards
Mitigating DDoS attacks is Hard (and expensive).
There are companies you can pay money to, who'll either provide you with a box you put in your datacentre, which does packet-filtering, but is immune to being flooded off the network. Such things are supplied by high-end firewall providers, like Arbor networks, etc.. I don't know how these things work. Apparently they do, but as ever, YMMV.
There are also DDoS mitigation services as a service (if that makes sense).. You get a DDoS mitigation tool, provided on a Pay As You Go (although, it's actually more like a monthly fixed-rate contract). You route all your traffic via their hosted service, and they provide you with a "clean pipe" which has been filtered by their cluster of expensive hardware.
The slow/old-fashioned way to do it is to work with your upstream provider to null-route the DDoS traffic before it reaches your servers.
I propose you do some googling around for DDOS mitigation services, I've given you one starting point in Arbor, who do both hosted and IaaS options, call a few vendors, go through the pre-sales spiel and let them fight amongst themselves for your custom.
There's a few reasonable starting points in the Wikipedia article. Pretty much every high-end firewall vendor I can think of has their own flavour of solution for it.