Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

c0nw0nk nginx-forum at forum.nginx.org
Tue Sep 13 11:16:32 UTC 2016


I just found the following :
https://books.google.co.uk/books?id=ZO09CgAAQBAJ&pg=PA96&lpg=PA96&dq=$binary_

To conserve the space occupied by the key we use $binary_remote_addr It
evaluates into a binary value of the remote IP address

So it seems I should be doing this instead to keep the key in memory for
that IP small to reduce the memory footprint.

limit_req_zone $binary_http_cf_connecting_ip zone=one:10m rate=30r/m;
limit_conn_zone $binary_http_cf_connecting_ip zone=addr:10m;

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,269502,269513#msg-269513



More information about the nginx mailing list