0.7.67 - limit_req problems
Maxim Dounin
mdounin at mdounin.ru
Wed Jun 16 20:48:13 MSD 2010
Hello!
On Wed, Jun 16, 2010 at 12:01:01PM -0400, zuzur wrote:
> Maxim Dounin Wrote:
> -------------------------------------------------------
>
> > > But it doesn't seem to work, my server is still
> > hit with many req/s,
> > > much more than what i specified in the
> > configuration.
> >
> > In /api/ location you explicitly return 444 for
> > all users. It's
> > not clear what effect do you expect from
> > limit_req/limit_conn
> > there but most likely it will be negative -
> > requests will be
> > delayed / or 503 will be returned instead of
> > immediate connection
> > close.
Sorry, missed: return 444; executed during rewrite phase, while
limit_req/limit_conn executed during pre-access phase, which is
later. So actually limit_req/limit_conn do nothing in your
config.
> In fact, just the inbound requests from a single host generate a
> sustained 600kb/s on our server. As we pay for this bandwidth, and no
> legitimate user should access this /api URI, i would really like to slow
> them down. If i could just make their requests sit there for 24 hours, i
> would do that. :-)
So you want to keep such connections open instead of immediately
closing them, right? limit_req will delay requests as long as
burst isn't yet reached, try setting big enough burst.
And add some actuall request processing to the picture, with
"return 444;" you'll see no effect.
> > > What am i doing wrong here ? do limit_*
> > directives really work in
> > > "location" directives ?
> >
> > Yes they do.
> >
>
> So any idea why they don't with my configuration ? I see tens of
> requests / s when my 'blackhole' limit_req_zone is set to allow 1 req
> per minute ! I must be doing something wrong, i just can't find what ...
> I didn't provide the full configuration as it was very long, but if
> needed i can paste it ...
See above.
Maxim Dounin
More information about the nginx
mailing list