Server hardening without "If" conditions

Thomas Love tomlove at
Wed Jun 1 17:24:27 MSD 2011

On 1 June 2011 15:13, Igor Sysoev <igor at> wrote:
> On Wed, Jun 01, 2011 at 08:47:48AM -0400, pk899 wrote:
>> Hi. I notice that nginx with just the location rules and usual
>> directives results in mind-blowing performance. Apache Bench test shows
>> "115,000 requests per second" can be handled.
>> However, when I add a simple rule:
>>     if ($request_method !~ ^(GET|HEAD|POST)$ ) {
>>       return 444;
>>     }
>> Which I think is important from a point of view of getting rid of so
>> much junk that hits any modern server, the requests per second fall to
>> "1,200" !!!

How scientific is that test? Is 115,000 requests per second an
expected baseline performance? Did anything else change between tests?

And as someone else suggested, this is not really something you should
have to do in nginx in any case. It's like closing ports you don't
use. If your system is secure there's no need. If your system isn't
secure it won't help.


More information about the nginx mailing list