viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add crowdsec policies for 403 and 429; use nginx to rate limit brute force attacks and then ban them [ci skip]

Browse source
This commit is contained in:
Viktor Barzin 2025-10-13 20:12:37 +00:00
parent b15246a2cb
commit f17d73cc62
3 changed files with 58 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
modules/kubernetes/ingress_factory/main.tf
View file

@ -88,9 +88,9 @@ resource "kubernetes_ingress_v1" "proxied-ingress" {
"nginx.ingress.kubernetes.io/proxy-buffering" : "on"
# DDOS protection
"nginx.ingress.kubernetes.io/limit-connections" : 500
"nginx.ingress.kubernetes.io/limit-connections" : 100
"nginx.ingress.kubernetes.io/limit-rps" : 10
"nginx.ingress.kubernetes.io/limit-rpm" : 60
"nginx.ingress.kubernetes.io/limit-rpm" : 30
"nginx.ingress.kubernetes.io/limit-burst-multiplier" : 10
"nginx.ingress.kubernetes.io/limit-rate-after" : 10
"nginx.ingress.kubernetes.io/configuration-snippet" = <<-EOF