Simple mitigation of the HTTP/2 Rapid Reset attack on nginx
A simple set of mitigation rules for nginx built with the http2 module, using limit_conn and limit_req. The limit_req_zone and limit_conn_zone directives belong in the http context; limit_req, limit_conn, keepalive_requests and http2_max_concurrent_streams can be set in the http or server context (limit_req, limit_conn and keepalive_requests also per location):
# HTTP/2 Rapid Reset ("fast reset") mitigation
# Per-connection caps. Both values are nginx's current defaults; the point is to keep them from being raised.
keepalive_requests 1000;              # close the connection after 1000 requests (HTTP/2 streams)
http2_max_concurrent_streams 128;     # at most 128 streams open at once per connection
# Per-client request rate. Each new stream is a request and is counted even if the client resets it right away.
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
# Per-client and per-vhost connection caps.
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;
# A zone does nothing until a limit_req directive references it; this line was missing.
# burst=20 nodelay is an example value: tune rate and burst against your real traffic.
limit_req zone=one burst=20 nodelay;
limit_conn perip 60;
limit_conn perserver 100;
The module hit by this attack is ngx_http_v2_module. The attacker opens a stream with a HEADERS frame and immediately cancels it with RST_STREAM, in a loop, as fast as the link allows. Because every stream is reset at once, the http2_max_concurrent_streams cap is never reached, while the server still pays the cost of starting (and, with a proxied backend, forwarding) every request. Rate limiting per client address works because nginx counts the request when the HEADERS frame arrives, before the reset is processed, so a burst of cancelled requests from one IP quickly exceeds the limit and the excess is answered with limit_req_status (503 by default) instead of being processed; this is outright rejection, not tarpitting, and it keeps the attack traffic off the upstream. Three caveats: 1r/s is far too low for real browsers, which fetch dozens of assets per page, so measure normal traffic before picking rate and burst; $binary_remote_addr must be the real client address, so behind a load balancer or CDN configure the realip module first; and per-IP limits do little against a large botnet where each source stays under the rate, so keep the per-connection caps above and run an nginx version that includes the Rapid Reset fix.
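To see what the rate and burst values actually do against this traffic, here is an added model (not part of this page's configuration, and not nginx's own code) of the leaky bucket that ngx_http_limit_req_module implements, run on two constructed traffic samples: a Rapid Reset loop that opens and cancels a stream every millisecond, and a browser fetching a page with 30 assets. The client addresses, request timings and the rate/burst combinations are assumptions for illustration.

```python
"""Added example: a model of nginx's limit_req leaky bucket (ngx_http_limit_req_module),
used to see how rate= and burst= behave against a Rapid Reset style burst versus an
ordinary browser page load. Illustrative code, not part of nginx; the traffic samples
below are constructed."""


class LimitReq:
    """One `limit_req_zone ... rate=` plus `limit_req zone= burst= [nodelay]` pair.

    Per-key state mirrors nginx's per-node (last, excess): `excess` is kept in
    milli-requests, every request adds 1000, and elapsed time drains `rate`
    milli-requests per second. The `delay=` parameter is treated as its default 0,
    so every excess request is delayed unless `nodelay` is set.
    """

    def __init__(self, rate_rps: int, burst: int = 0, nodelay: bool = False):
        self.rate = rate_rps * 1000      # nginx scales the rate by 1000
        self.burst = burst * 1000        # and the burst as well
        self.nodelay = nodelay
        self.state = {}                  # key -> (last_ms, excess)

    def check(self, key: str, now_ms: int) -> str:
        """Decide one request: 'pass', 'delay' or 'reject' (limit_req_status, 503 by default)."""
        if key not in self.state:
            # First request from this key: nginx creates the node with excess 0 and lets it through.
            self.state[key] = (now_ms, 0)
            return "pass"
        last_ms, excess = self.state[key]
        elapsed = max(now_ms - last_ms, 0)
        excess = excess - self.rate * elapsed // 1000 + 1000
        if excess < 0:
            excess = 0
        if excess > self.burst:
            # Rejected requests do not update the node, so they do not push `last` forward.
            return "reject"
        self.state[key] = (now_ms, excess)
        if excess > 0 and not self.nodelay:
            return "delay"
        return "pass"


def run(limiter: LimitReq, key: str, times_ms: list) -> dict:
    """Feed a sequence of request timestamps from one client and tally the decisions."""
    tally = {"pass": 0, "delay": 0, "reject": 0}
    for t in times_ms:
        tally[limiter.check(key, t)] += 1
    return tally


# Constructed traffic: a Rapid Reset loop opens and cancels a stream every millisecond.
# Each HEADERS frame is a request to limit_req even though the stream is reset right after.
RAPID_RESET = list(range(500))                 # 500 requests in half a second
# Constructed traffic: a browser loading a page with 30 assets spread over one second.
PAGE_LOAD = [i * 33 for i in range(30)]


def compare() -> dict:
    """Run each configuration against both traffic patterns, with fresh state every time."""
    configs = {
        "rate=1r/s burst=0": lambda: LimitReq(1),
        "rate=1r/s burst=20 nodelay": lambda: LimitReq(1, 20, True),
        "rate=10r/s burst=20 nodelay": lambda: LimitReq(10, 20, True),
    }
    results = {}
    for name, make in configs.items():
        results[name] = {
            "rapid_reset": run(make(), "10.0.0.1", RAPID_RESET),   # assumed attacker address
            "page_load": run(make(), "192.0.2.10", PAGE_LOAD),     # assumed normal client
        }
    return results


if __name__ == "__main__":
    for name, r in compare().items():
        print(f"{name:28} rapid reset: {r['rapid_reset']}  page load: {r['page_load']}")
```

With rate=1r/s and no burst, the attacker gets one request through and everything else is rejected, but so are 29 of the 30 requests of an ordinary page load. Adding burst=20 lets the first 21 attack requests through before rejection and still rejects a third of a normal page; raising the rate to 10r/s passes the whole page while still stopping the reset loop after a short burst. That is the reason to measure real traffic before copying a rate value.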