I am using nginx with Cloudflare in front of my sites to protect them from layer 7 attacks, but now some attackers have found this new way and they are attacking my default IP directly every day with layer 7 attacks instead of attacking the sites. I am returning a 444 response to them when they open the default page on the direct IP address, but the attacks are still too big, so they are making the whole site/server unavailable for a few minutes, and sometimes for a longer period depending on the attack, by keeping Nginx busy.
So I wanted to ask if it's possible to disable port 80 access on the default IP without affecting my other sites and services? These attacks are so big that my log file for the default vhost is becoming 1GB in less than 1 hour, so even returning 444 isn't working. That's why I think blocking it at the firewall level will be better?
Any suggestion how to achieve this with iptables?
I am using CentOS 6.9 with Nginx 1.13.
Any more ideas? Still waiting!
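
An added example, not part of the original post: because the sites sit behind Cloudflare, port 80 cannot simply be closed, but it can be limited to Cloudflare's source ranges so that direct-to-IP requests are dropped before they reach Nginx. The script is a dry run that only prints the iptables commands; the chain name `CF-HTTP` and the sample ranges are assumptions (constructed documentation networks, not Cloudflare's real list).

```shell
#!/bin/sh
# Dry-run generator: prints iptables commands, applies nothing.
# CHAIN is a hypothetical chain name chosen for this example.
CHAIN="CF-HTTP"

# Constructed sample ranges (RFC 5737 documentation nets), NOT Cloudflare's.
# Replace with the current list published at https://www.cloudflare.com/ips-v4
SAMPLE_RANGES="192.0.2.0/24
198.51.100.0/24
not-a-cidr
203.0.113.0/24"

# is_cidr: accept only dotted-quad/prefix so junk never ends up in a rule.
is_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# gen_rules PORT: read CIDRs on stdin and print rules that let only those
# sources reach PORT; every other source is dropped without a reply.
gen_rules() {
    port="$1"
    echo "iptables -N $CHAIN"
    while IFS= read -r cidr; do
        [ -n "$cidr" ] || continue
        if is_cidr "$cidr"; then
            echo "iptables -A $CHAIN -s $cidr -j ACCEPT"
        else
            echo "# skipped invalid entry: $cidr"
        fi
    done
    echo "iptables -A $CHAIN -j DROP"
    # Inserted at the top of INPUT so it is evaluated before other rules.
    echo "iptables -I INPUT -p tcp --dport $port -j $CHAIN"
}

# Print the rule set for port 80 using the constructed sample list.
printf '%s\n' "$SAMPLE_RANGES" | gen_rules 80
```

Packets dropped this way never reach Nginx, so they do not appear in the default vhost's access log. On CentOS 6, rules applied by hand are persisted with `service iptables save`.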