limit-req and greedy UAs

Grant emailgrant at
Mon Sep 12 20:23:08 UTC 2016

> I have far more faith in this write up regarding tuning than the anti-ddos, though both have similarities.
> My interpretation is the user bandwidth is connections times rate. But you can't limit the connection to one because (again my interpretation) there can be multiple users behind one IP. Think of a university reading your website. Thus I am more comfortable limiting bandwidth than I am limiting the number of connections. The 512k rate limit is fine. I wouldn't go any higher.

If I understand correctly, limit_req only works if the same connection
is used for each request.  My goal with limit_conn and limit_conn_zone
would be to prevent someone from circumventing limit_req by opening a
new connection for each request.  Given that, why would my
limit_conn/limit_conn_zone config be any different from my
limit_req/limit_req_zone config?

- Grant

> Should I basically duplicate my limit_req and limit_req_zone
> directives into limit_conn and limit_conn_zone? In what sort of
> situation would someone not do that?
> - Grant
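
Added example, not part of the original message or of nginx itself: a simplified model of the accounting behind the two directives compared above. nginx keeps limit_req state per zone key (for example $binary_remote_addr), while limit_conn counts the connections open at the same time for that key. The class names, the 1 r/s rate, the connection limits and the sample address are assumptions made for the illustration.

```python
# Added illustration: a simplified model of nginx's per-key accounting, not nginx source.
from collections import defaultdict

class ReqLimiter:
    """limit_req-style leaky bucket: one bucket per zone key, shared by all connections."""
    def __init__(self, rate_per_s, burst=0):
        self.rate, self.burst = rate_per_s, burst
        self.state = {}                      # key -> (excess in 1/1000 request, last ms)

    def allow(self, key, now_ms):
        if key not in self.state:            # first request seen for this key
            self.state[key] = (0, now_ms)
            return True
        excess, last = self.state[key]
        excess = max(0, excess - self.rate * (now_ms - last) + 1000)
        if excess > self.burst * 1000:
            return False                     # rejected; bucket state is left unchanged
        self.state[key] = (excess, now_ms)
        return True

class ConnLimiter:
    """limit_conn-style counter: concurrent open connections per zone key."""
    def __init__(self, limit):
        self.limit, self.open = limit, defaultdict(int)

    def connect(self, key):
        if self.open[key] >= self.limit:
            return False
        self.open[key] += 1
        return True

    def close(self, key):
        self.open[key] -= 1

def sequential_new_connections(ip, n=10, gap_ms=100):
    """One request per fresh connection; each connection closes before the next opens."""
    req, conn = ReqLimiter(rate_per_s=1), ConnLimiter(limit=1)
    conns_ok = reqs_ok = 0
    for i in range(n):
        if conn.connect(ip):
            conns_ok += 1
            reqs_ok += req.allow(ip, i * gap_ms)
            conn.close(ip)
    return conns_ok, reqs_ok

def parallel_connections(ip, n=5):
    """n connections opened at once and held open, one request on each."""
    req, conn = ReqLimiter(rate_per_s=1), ConnLimiter(limit=2)
    conns_ok = sum(conn.connect(ip) for _ in range(n))
    reqs_ok = sum(req.allow(ip, 0) for _ in range(conns_ok))
    return conns_ok, reqs_ok
```

Each function returns (connections admitted, requests admitted) for one client address, so the two limits can be compared on the same traffic.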
