Server hardening without "If" conditions
Thomas Love
tomlove at gmail.com
Wed Jun 1 17:24:27 MSD 2011
On 1 June 2011 15:13, Igor Sysoev <igor at sysoev.ru> wrote:
> On Wed, Jun 01, 2011 at 08:47:48AM -0400, pk899 wrote:
>> Hi. I notice that nginx with just the location rules and usual
>> directives results in mind-blowing performance. Apache Bench test shows
>> "115,000 requests per second" can be handled.
>>
>> However, when I add a simple rule:
>>
>> if ($request_method !~ ^(GET|HEAD|POST)$ ) {
>> return 444;
>> }
>>
>> Which I think is important from a point of view of getting rid of so
>> much junk that hits any modern server, the requests per second fall to
>> "1,200" !!!
How scientific is that test? Is 115,000 requests per second an
expected baseline performance? Did anything else change between tests?
And as someone else suggested, this is not really something you should
have to do in nginx in any case. It's like closing ports you don't
use. If your system is secure there's no need. If your system isn't
secure it won't help.
Thomas
More information about the nginx
mailing list