Limit connections' erratic behaviour

Maxim Dounin mdounin at
Mon Mar 16 16:26:52 MSK 2009


On Mon, Mar 16, 2009 at 04:52:14PM +0530, Asif Ali wrote:

> Cliff - Apologies - This is a second email thread actually [the earlier one
> was posted days back]
> Here is the config:
> limit_zone   one  $binary_remote_addr  10m;
>  limit_conn one 150;
> The app receives several hundred hits per second from various different ip
> addresses.
> I want to block specific IP only from sending in more than 100 or 150
> requests per second..

Your understanding of what limit_conn does is wrong.  It's to 
limit number of simultaneous connections served, not requests per 
second.  It may be somewhat related to request per second only if 
requests take predictable time to answer.

If you want to limit requests per second - take a look at 
limit_req module in nginx 0.7.*.

> What I am getting is a reduction in total traffic and half that amount for
> ALL requests.

Also, take a look at what $binary_remote_addr (and $remote_addr) 
actually contains for you.  It may e.g. contain address of your 
load-balancer if you use one, and you should use realip module to 
fix this.

Maxim Dounin

More information about the nginx mailing list