Mitigating NTP attacks against ESXi 4.1
The `monlist` command against NTP servers is being used to launch DDoS attacks.
Sometimes you want to connect to a different set of upstream nodes from an NGINX load balancer.
18 April 2014 • 3 min read
When you're creating load balancing configurations in NGINX, you will sometimes want to route traffic from a certain IP address to a different set of upstream nodes. This may be because you have a CI environment that uses the same load balancer (staging), or it could be for other reasons.
Regardless, create your alternative upstream:
```nginx
upstream defaultNodes {
    server 192.168.1.1; # default nodes...
}
upstream alternativeNodes {
    server 192.168.1.100; # new nodes...
}
```
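Then, in the `server` block, add the condition (assuming the public IP you want to route is 100.0.0.1):
```nginx
location / {
    proxy_pass http://defaultNodes/;
    # Exact comparison. An unanchored regex (~* 100.0.0.1) would also
    # match 100.0.0.10 or 100.0.0.100, and its dots match any character.
    if ( $remote_addr = 100.0.0.1 ) {
        proxy_pass http://alternativeNodes;
    }
}
```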
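An alternative to the `if` block, as an added example that is not part of the original post: the `geo` module picks the upstream name from the client address by exact address or CIDR, so no string or regex comparison is involved. The upstream names and addresses are the article's; the `$upstream_pool` variable name and the listen port are assumptions.

```nginx
events {}

http {
    upstream defaultNodes {
        server 192.168.1.1;      # default nodes
    }
    upstream alternativeNodes {
        server 192.168.1.100;    # alternative nodes (e.g. staging / CI)
    }

    # geo evaluates $remote_addr by default and matches on address
    # or CIDR, so 100.0.0.1/32 selects exactly one client address.
    # A regex test such as `$remote_addr ~* 100.0.0.1` is looser:
    # it is unanchored and `.` matches any character, so addresses
    # like 100.0.0.10 or 100.0.0.100 would be routed as well.
    geo $upstream_pool {
        default        defaultNodes;
        100.0.0.1/32   alternativeNodes;
    }

    server {
        listen 80;               # assumed port

        location / {
            # With a variable in proxy_pass, nginx first looks the
            # name up among the declared upstream groups. No URI
            # part is given, so the request URI is passed unchanged.
            proxy_pass http://$upstream_pool;
        }
    }
}
```

If NGINX itself sits behind another proxy or CDN, `$remote_addr` is that proxy's address, so the match has to be made on the restored client address instead.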
Published on 18 April 2014