Server hardening without "If" conditions
ktm at rice.edu
ktm at rice.edu
Wed Jun 1 16:57:27 MSD 2011
On Wed, Jun 01, 2011 at 08:47:48AM -0400, pk899 wrote:
> Hi. I notice that nginx with just the location rules and usual
> directives results in mind-blowing performance. Apache Bench test shows
> "115,000 requests per second" can be handled.
>
> However, when I add a simple rule:
>
> if ($request_method !~ ^(GET|HEAD|POST)$ ) {
> return 444;
> }
>
> Which I think is important from a point of view of getting rid of so
> much junk that hits any modern server, the requests per second fall to
> "1,200" !!!
>
> Is there any way around this? I would, if possible, prefer that my main
> web server be able to handle such basic stuff.
>
> Welcome any thoughts. Thanks!
>
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,202965,202965#msg-202965
>
Well, the test you added includes the regular expression calculations as well.
Can nginx use three simpler exact string matches instead? It may be faster.
Cheers,
Ken
More information about the nginx
mailing list