Good news to those under attacks - Igor released new module ngx_limit_req_module in 0.7.21 Nginx version which allows to limit connections per IP with optional burst value. We have tested on several production servers and found results to be close to amazing!
You may set limit, say 1-2 requests per second per IP but allow that IP to burst, say 100-200 requests per second with or without delay (if that IP would try to continue bursting 503 error will be returned). Wow! We felt in love to that feature!
nginx is starting to mirror many features of litespeed. Litespeed should also add a burst value too to the connection/request throttling.
Reduces security risk and costs
By delivering very secure code, isolating the Web server from the operating system, and adding features such as header cloaking and reverse-proxy functionality, Web Server reduces both the risk of Web server security incidents and the cost of operations.
Maximizes uptime with minimal administration
Multiprocess mode and automatic failover ensure that requests to the server are handled even when a process goes down, and that the failed process is restarted automatically - without need for administrator intervention.
Delivers 8x better performance than Apache 2.0 with Tomcat for superior application response time.
Also provides protection from distributed attacks by providing request mapping for both URIs and IP
It seems to have many nice features, hope LS will pick them up at some point.