Limit_zone and limit_conn problem.

Maxim Dounin mdounin at
Sat Jan 23 21:28:13 MSK 2010


On Sat, Jan 23, 2010 at 08:51:29AM +0100, Piotr Karbowski wrote:

> Thanks you for your reply but I still dont understand it. Sometimes it
> seen to work, but sometimes no, no 503 error, multiple files at once
> etc.
> I wanna prevent mass downloading files from /specified/ dir but this
> limit_conn dont work as it should. have you any other idea how can I
> limit mass downloading?

Well, I've tried to explain that "multiple files at once" may not 
be the same from nginx point of view, and that's why you don't see 
503.  In the post you linked it's certainly the case.

Try the following test:

    http {
        limit_zone unique_zone_name $binary_remote_addr 10m; 
        sendfile on;
        sendfile_max_chunk 1m;
        server {
           location /download/ {
               limit_conn unique_zone_name 1;

Start downloading of something large (e.g. 4G) from /download/.  
Make sure it's downloaded via single request and data are flowing 
around (netstat & tcpdump are your friends).

Once you are checked the above - try starting another download 
from the same ip.  It should return 503.

Note well: nginx will process request without switching to another 
one until it will be able to fill up socket send buffer.  This may 
not happen at all if you are testing via fast local connection, 
your output_buffers are smaller than socket send buffer, and you 
are and not using limit_rate and/or sendfile with 
sendfile_max_chunk.  So requests will be processed in order by 
nginx, and you won't see 503.

Maxim Dounin

More information about the nginx mailing list