Server hardening without "If" conditions
ktm at rice.edu
ktm at rice.edu
Wed Jun 1 17:36:28 MSD 2011
On Wed, Jun 01, 2011 at 09:02:23AM -0400, pk899 wrote:
> ktm2 Wrote:
> -------------------------------------------------------
> > On Wed, Jun 01, 2011 at 08:47:48AM -0400, pk899
> > wrote:
> > > Hi. I notice that nginx with just the location
> > rules and usual
> > > directives results in mind-blowing performance.
> > Apache Bench test shows
> > > "115,000 requests per second" can be handled.
> > >
> > > However, when I add a simple rule:
> > >
> > > if ($request_method !~ ^(GET|HEAD|POST)$ ) {
> > > return 444;
> > > }
> > >
> > > Which I think is important from a point of view
> > of getting rid of so
> > > much junk that hits any modern server, the
> > requests per second fall to
> > > "1,200" !!!
> > >
> > > Is there any way around this? I would, if
> > possible, prefer that my main
> > > web server be able to handle such basic stuff.
> > >
> > > Welcome any thoughts. Thanks!
> > >
> > > Posted at Nginx Forum:
> > http://forum.nginx.org/read.php?2,202965,202965#ms
> > g-202965
> > >
> >
> > Well, the test you added includes the regular
> > expression calculations as well.
> > Can nginx use three simpler exact string matches
> > instead? It may be faster.
> >
> > Cheers,
> > Ken
>
>
>
> Thanks Ken. How would you write this though?
>
> if ($request_method != "GET" and $request_method != "POST" and
> $request_method != "HEAD") {
> return 444;
> }
>
> This is not correct syntax?
>
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,202965,202969#msg-202969
>
I am just learning about nginx so I am not familiar with the syntax yet. But
your query would still require checking three separate conditions before proceeding.
Could check three separate times and proceed after each one:
if ($request_method == "GET") {
go...
}
if ($request_method == "POST") {
go...
}
...
return 444;
And order them most likely to least likely.
Cheers,
Ken
More information about the nginx
mailing list