
Ruby on rails with nginx ddos protection


I have a Rails 3 + nginx stack.

Several days ago there was a DDoS attack with lots of GET requests similar to:

GET /?aaa2=bbbbbbb&ccc=1234212
GET /?aaa1=bbbbbbb&ccc=4324233

First of all, I added a rule to the application controller:

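before_filter :ddos_check

# Redirect any request carrying the attack pattern in a string parameter,
# so the controller action (and its DB calls) never runs.
def ddos_check
  params.each do |param|
    # No /s flag: in Ruby it pins the regexp to Windows-31J and raises on
    # non-ASCII UTF-8 values.
    if param[1].is_a?(String) && !param[1].scan(/bbb/im).blank?
      redirect_to 'http://google.com/'
      return
    end
  end
end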

It protects controllers from heavy DB calls.

Are there any gems or nginx modules that can filter DDoS messages with specific rules?


Solution

  • You should rather consider using a middleware like Rack::Attack. As it's lower in the app stack, it will filter out malicious requests earlier and faster than Rails.

    Rack middleware for blocking & throttling abusive requests

    Rack::Attack is a rack middleware to protect your web app from bad clients. It allows whitelisting, blacklisting, throttling, and tracking based on arbitrary properties of the request.

    If you take a look at the gem's readme, there are nice examples of how to handle cases such as yours. However, keep in mind that if attackers are at least a little smart, they will notice your endeavours and try to outsmart them. DDoS protection is usually a cat-and-mouse game.
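
An added example, not code from the post or from Rack::Attack: a plain Rack middleware (the class name `QueryPatternBlocker` and the 403 response are assumptions) that applies the question's parameter check below Rails, so a matching request is rejected before routing, controllers or the database are touched. It matches against percent-decoded values, so an encoded form of the pattern is caught as well.

```ruby
require 'uri'

# Hypothetical stand-in for the kind of rule the answer suggests putting in
# Rack middleware. Rejects requests whose decoded query-string values match
# a blocked pattern.
class QueryPatternBlocker
  FORBIDDEN = [403, { 'content-type' => 'text/plain' }, ["Forbidden\n"]].freeze

  # pattern defaults to the marker seen in the attack traffic on this page.
  def initialize(app, pattern: /bbb/i)
    @app = app
    @pattern = pattern
  end

  # Rack entry point: short-circuit with 403, otherwise pass the request on.
  def call(env)
    return FORBIDDEN if blocked?(env['QUERY_STRING'].to_s)

    @app.call(env)
  end

  # True when any decoded parameter value matches the pattern.
  def blocked?(query)
    URI.decode_www_form(query).any? do |_key, value|
      # scrub replaces invalid byte sequences so matching cannot raise
      value.scrub.match?(@pattern)
    end
  rescue ArgumentError
    # Malformed percent-encoding or raw non-ASCII bytes: fail closed.
    true
  end
end

# In a Rails app this could be mounted from config/application.rb with:
#   config.middleware.use QueryPatternBlocker
```

With Rack::Attack installed, the same predicate would go inside one of its blocking rules instead of a hand-written class.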