Web route server to prevent DDoS at Layer 3 or 4

I'm a newbie in firewall stuff. I need to know: is there any solution for just routing the web/HTTP request at Layer 3 and checking the rate limit of IPs, or doing a DoS or DDoS check, then, if okay, sending it to the actual web server like nginx and adding X-Forwarded-For or X-Real-IP to tell nginx what the actual client IP is?

Normal scenario
[Normal Request] =====> [IPFire] ====> [Nginx] (Nginx will know what the actual client IP address is)

DoS or DDoS
[DoS/DDoS] =====x [IPFire] [Nginx]

Hello Muhammad,

I am not sure if I understand your question, but I will give it a try:

  • Yes, IPFire provides nginx as a package. You could use it as a reverse proxy and configure it to limit connections, etc. I would recommend haproxy, which is a lot better for this job.

  • IPFire can limit the number of connections being forwarded to your web server. You can limit to a total of X connections or to X connections per time slot (not more than 10 new connections a second for example).
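
The reverse-proxy setup suggested in the reply above, sketched as an HAProxy configuration. This is an added example, not part of the original thread or of IPFire's own configuration. The backend address `192.0.2.10:8080`, the timeouts, the table size and the limit of 20 concurrent connections are assumed values; the 10 new connections per second figure is taken from the reply.

```haproxy
global
    maxconn 4096                      # assumed global ceiling on concurrent connections

defaults
    mode http
    timeout connect 5s
    timeout client  30s               # short client timeout frees slots held by idle clients
    timeout server  30s

frontend web_in
    bind :80

    # One entry per client IP, tracking open connections and the
    # new-connection rate over a 1 second window.
    stick-table type ip size 100k expire 30s store conn_cur,conn_rate(1s)
    tcp-request connection track-sc0 src

    # Refuse at the TCP layer, before any HTTP parsing, when a single
    # source opens more than 10 new connections per second ...
    tcp-request connection reject if { sc_conn_rate(0) gt 10 }
    # ... or holds more than 20 connections open at once (assumed value).
    tcp-request connection reject if { sc_conn_cur(0) gt 20 }

    # Pass the real client address to the web server.
    option forwardfor                           # adds X-Forwarded-For
    http-request set-header X-Real-IP %[src]    # overwrites any client-supplied value

    default_backend nginx_backend

backend nginx_backend
    # Placeholder address for the nginx server behind the proxy.
    server nginx1 192.0.2.10:8080 check
```

On the nginx side, the realip module's `set_real_ip_from` should list only the proxy's address together with `real_ip_header`, so that a client reaching nginx by another path cannot forge its source IP through the header. Limits enforced here protect the web server's connection slots; they do not help once a flood saturates the uplink in front of the firewall.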