Check active connections to web server – DDOS solution

Here are few commands to check the active connection to apache or to any other web server, you can block IPs having too many connections :

Login to SSH and execute following commands with root access:

1.To see what IPs are connecting to server and how many connections exist from each IP:

netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

2.To see how many connections each IP on the server is receiving:

netstat -plan |grep :80 | awk '{print $4}' | cut -d: -f1 | sort | uniq -c | sort -n

3.Get total current active connections to Apache:

netstat -apn | grep :80 | wc -l

Get Apache status update from command line to see which domain is receiving maximum hits (cPanel/WHM server):

lynx http://localhost/whm-server-status

Read More

Get real IP address of visitor for Cloudflare nGinx solution

When you have setup your web sites on cloudflare, every visitor who visits your web site passes through cloudflare network so that his real IP gets changed into cloudflare’s IP address, in short cloudflare acts as proxy server for your web server.
For apache web server, cloudflare has already provided a module which can be installed to get real ip address of visitor.

Here it is :

https://support.cloudflare.com/hc/en-us/sections/200038166-How-do-I-restore-original-visitor-IP-to-my-server-logs-

Well they do not provide any module for nGinx, however it is built in function in nGinx server. You can enable it by adding following below code into your nginx.conf

Follow below steps:

Find nginx.conf file if you do not know the exact location from SSH:

# locate nginx.conf

Add below code in nginx.conf under http section:

set_real_ip_from   204.93.240.0/24;
set_real_ip_from   204.93.177.0/24;
set_real_ip_from   199.27.128.0/21;
set_real_ip_from   173.245.48.0/20;
set_real_ip_from   103.22.200.0/22;
set_real_ip_from   141.101.64.0/18;
set_real_ip_from   108.162.192.0/18;
real_ip_header     CF-Connecting-IP;

Now save changes and restart your nginx server

service nginx restart

That is all, now you will be able to get real ip address of the visitor.

Comments are welcome.