This is the second time I am getting DDoS'd since I've moved hosts

There's a few options -
  • Use Cloudflare's API to block IPs at the Cloudflare level (limited to 50k IPs); this would be by far the best option
  • Use iptables' string matching to block based on the x-forwarded-for header (would have to disable HTTPS on your origin)
  • Deny the IPs with nginx or whatever httpd you're using
Any of these options can be set up with fail2ban and the actionban command.
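The first option above (fail2ban handing banned IPs to Cloudflare so the block happens at the edge rather than on the origin) as an added example; this is not code from the thread or from any project mentioned in it. It assumes a Cloudflare API token with permission to edit firewall access rules and the zone id, read from the hypothetical environment variables CF_API_TOKEN and CF_ZONE_ID, and it talks to Cloudflare's IP Access Rules endpoint (`/zones/{zone_id}/firewall/access_rules/rules`). The HTTP sender is injectable so the validation and request-building logic can be exercised without network access.

```python
"""fail2ban banaction that pushes a banned IP to Cloudflare's IP Access Rules.

Added example for this thread, not code from the thread or from the
centminmod-fail2ban project. Assumes CF_API_TOKEN (a token that may edit
firewall access rules) and CF_ZONE_ID in the environment; both variable
names are hypothetical and chosen here.
"""
import ipaddress
import json
import os
import sys
import urllib.request

CF_API = "https://api.cloudflare.com/client/v4"

# Ranges that must never reach the edge as a block rule: an IP parsed out of a
# log line behind a misconfigured proxy is often one of these.
_NEVER_BAN = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "::1/128", "fe80::/10",
)]


def build_rule(ip: str, note: str = "fail2ban") -> dict:
    """Validate the address fail2ban handed us and build the access-rule body.

    The IP comes straight from a log line, so it is parsed rather than
    interpolated into the request as-is (ValueError on anything that is not
    an IP), and internal/loopback addresses are refused outright.
    """
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in _NEVER_BAN):
        raise ValueError(f"refusing to ban internal address {ip}")
    return {
        "mode": "block",  # Cloudflare also accepts challenge / js_challenge here
        "configuration": {"target": "ip", "value": str(addr)},
        "notes": note,
    }


def _cf_request(method, url, token, body=None):
    """Send one authenticated request to the Cloudflare API, return decoded JSON."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json",
    })
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def ban(ip, token, zone_id, send=_cf_request):
    """Create a block rule for `ip` in the zone and return Cloudflare's rule id.

    The id is what actionunban needs later, so the caller must persist it.
    Remember the 50k-rule ceiling mentioned in the thread: keep bantime finite
    so old rules are removed and the list does not fill up.
    """
    rule = build_rule(ip)
    url = f"{CF_API}/zones/{zone_id}/firewall/access_rules/rules"
    reply = send("POST", url, token, rule)
    if not reply.get("success"):
        raise RuntimeError(f"Cloudflare rejected ban for {ip}: {reply.get('errors')}")
    return reply["result"]["id"]


def unban(rule_id, token, zone_id, send=_cf_request):
    """Delete a rule by the id returned from ban(); True on success."""
    url = f"{CF_API}/zones/{zone_id}/firewall/access_rules/rules/{rule_id}"
    reply = send("DELETE", url, token)
    return bool(reply.get("success"))


if __name__ == "__main__":
    # From a fail2ban action file:
    #   actionban   = /path/to/cf_ban.py ban <ip>      (prints the rule id to store)
    #   actionunban = /path/to/cf_ban.py unban <rule-id>
    cmd, arg = sys.argv[1], sys.argv[2]
    token, zone = os.environ["CF_API_TOKEN"], os.environ["CF_ZONE_ID"]
    print(ban(arg, token, zone) if cmd == "ban" else unban(arg, token, zone))
```

The validation step is the part worth keeping even if you wire the request differently: fail2ban's `<ip>` substitution is only as clean as your failregex, and a rule created from a garbled match is both useless and a permanent occupant of the 50k-rule budget until something deletes it.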
Yup, I wrote about using CSF Firewall for Centmin Mod users + fail2ban passing banned IPs to the Cloudflare Firewall via the Cloudflare API at https://community.centminmod.com/threads/fail2ban-for-centmin-mod-csf-firewall-cloudflare-api.11687/ - I haven't touched the code in ages (https://github.com/centminmod/centminmod-fail2ban), though some Centmin Mod folks are still using it OK.

One of my Centmin Mod users posted how he's using Nginx Lua scripting with fail2ban and redis caching to rate limit and ban requests at the Nginx level without using a firewall, at https://community.centminmod.com/threads/how-to-limit-requests-and-ban-those-hitting-the-limit.7185/

Requirements:
  • LUA RESTY
  • Redis
  • Fail2Ban
  • ip_blacklist

What we will do:
  • We will use ip_blacklist.lua to blacklist IPs that reach the request limit.
  • We will limit requests to documents to 20 requests a second.
  • When someone reaches that limit, they will be "banned" from accessing your server for 3600 seconds.
  • We will use redis to ban; redis stores the IPs in memory, which is perfect & fast.

Note: the latest Centmin Mod 123.09beta01 optionally supports Nginx Lua modules; it's disabled by default but can be enabled by end users for use with their own Lua scripting.

Cloudflare uses Nginx Lua for part of its work too, see https://blog.cloudflare.com/pushing-nginx-to-its-limit-with-lua/

Other examples of Nginx lua
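The limit-and-ban procedure quoted above (20 document requests per second per IP, then a 3600-second ban kept in redis) as an added example, written here to show the logic rather than taken from the thread, the linked Centmin Mod post or ip_blacklist.lua. It is in Python with an in-memory stand-in for the redis commands the scheme needs (INCR, EXPIRE, SETEX, EXISTS) and an injectable clock, so the behaviour can be checked offline; in OpenResty the same two keys would be driven through lua-resty-redis from access_by_lua. The `client_ip` helper and the trusted-proxy list it takes are assumptions added for the Cloudflare case discussed in this thread.

```python
"""Per-IP request limiter with temporary bans, redis-style keys.

Added example for this thread; not the thread's Lua/ip_blacklist code.
Keys used (names chosen here):
  req:<ip>  fixed-window hit counter, TTL = window length
  ban:<ip>  present while the client is banned, TTL = ban length
"""
import ipaddress
import time

LIMIT = 20          # document requests allowed per window
WINDOW = 1          # window length in seconds
BAN_SECONDS = 3600  # how long a client stays banned


class FakeRedis:
    """Minimal redis look-alike: string keys with per-key expiry (test double)."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.store = {}  # key -> (value, expires_at or None)

    def _live(self, key):
        entry = self.store.get(key)
        if entry is not None and entry[1] is not None and entry[1] <= self.clock():
            del self.store[key]      # lazy expiry, like redis
            return None
        return entry

    def incr(self, key):
        entry = self._live(key)
        n = (int(entry[0]) if entry else 0) + 1
        self.store[key] = (n, entry[1] if entry else None)
        return n

    def expire(self, key, seconds):
        entry = self._live(key)
        if entry is None:
            return False
        self.store[key] = (entry[0], self.clock() + seconds)
        return True

    def setex(self, key, seconds, value):
        self.store[key] = (value, self.clock() + seconds)

    def exists(self, key):
        return self._live(key) is not None


class Limiter:
    def __init__(self, redis, limit=LIMIT, window=WINDOW, ban_seconds=BAN_SECONDS):
        self.r, self.limit, self.window, self.ban_seconds = redis, limit, window, ban_seconds

    def check(self, client_ip):
        """Return (allowed, reason); reason is "ok", "limit" or "banned"."""
        ban_key = f"ban:{client_ip}"
        if self.r.exists(ban_key):
            return False, "banned"
        count_key = f"req:{client_ip}"
        n = self.r.incr(count_key)
        if n == 1:
            # Set the TTL only when the window is created. Re-arming it on every
            # hit would keep the window open for any steady client, so a legitimate
            # user at 10 req/s would be banned after two seconds.
            self.r.expire(count_key, self.window)
        if n > self.limit:
            self.r.setex(ban_key, self.ban_seconds, "1")
            return False, "limit"
        return True, "ok"


def client_ip(remote_addr, cf_connecting_ip, trusted_proxy_cidrs):
    """Pick the address to count (assumed helper for the Cloudflare-fronted case).

    Behind Cloudflare, remote_addr is an edge node, so limiting on it would ban
    Cloudflare itself. CF-Connecting-IP is trusted only when the connection
    really came from a listed proxy range; otherwise a direct client could set
    the header and get arbitrary addresses banned.
    """
    addr = ipaddress.ip_address(remote_addr)
    trusted = [ipaddress.ip_network(c) for c in trusted_proxy_cidrs]
    if cf_connecting_ip and any(addr in net for net in trusted):
        return str(ipaddress.ip_address(cf_connecting_ip))
    return remote_addr


if __name__ == "__main__":
    # Constructed burst: one client sending 25 requests inside one second.
    lim = Limiter(FakeRedis())
    for i in range(25):
        print(i + 1, lim.check("203.0.113.9"))
```

On the origin, the same decision belongs at the top of access_by_lua: look up `ban:<ip>` first, `ngx.exit(ngx.HTTP_FORBIDDEN)` when it exists, and only then touch the counter, so a banned client costs one round-trip to redis and nothing else.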