How to control the total requests in Ngnix

tongshushan at migu.cn tongshushan at migu.cn
Fri Dec 1 02:12:48 UTC 2017 

my website is busier than I think I can handle



Tong
 
From: Peter Booth
Date: 2017-12-01 06:25
To: nginx
Subject: Re: How to control the total requests in Ngnix
So what exactly are you trying to protect against?
Against “bad people” or “my website is busier than I think I can handle?”

Sent from my iPhone

On Nov 30, 2017, at 6:52 AM, "tongshushan at migu.cn" <tongshushan at migu.cn> wrote:

  a limit of two connections per address is just a example.
 What does 2000 requests mean? Is that per second?   yes,it's QPS.



童树山
咪咕视讯科技有限公司 研发部
Mobile:13818663262
Telephone:021-51856688(81275)
Email:tongshushan at migu.cn
 
发件人: Gary
发送时间: 2017-11-30 17:44
收件人: nginx
主题: Re: 回复: How to control the total requests in Ngnix
I think a limit of two connections per address is too low. I know that tip pages suggest a low limit in so-called anti-DDOS (really just flood protection). Some large carriers can generate 30+ connections per IP, probably because they lack sufficient IPV4 address space for their millions of users. This is based on my logs. I used to have a limit of 10 and it was reached quite often just from corporate users. 

The 10 per second rate is fine, and probably about as low as you should go. 

What does 2000 requests mean? Is that per second? 


From: tongshushan at migu.cn
Sent: November 30, 2017 1:14 AM
To: nginx at nginx.org
Reply-to: nginx at nginx.org
Subject: 回复: How to control the total requests in Ngnix

Additional: the total requests will be sent from different client ips.



Tong
 
发件人: tongshushan at migu.cn
发送时间: 2017-11-30 17:12
收件人: nginx
主题: How to control the total requests in Ngnix
Hi guys,

I want to use ngnix to protect my system,to allow max 2000 requests sent to my service(http location).
The below configs are only for per client ip,not for the total requests control.
##########method 1##########

limit_conn_zone $binary_remote_addr zone=addr:10m;
server {
location /mylocation/ {
                            limit_conn addr 2;
                            proxy_pass http://my_server/mylocation/;
                            proxy_set_header Host $host:$server_port;                       
         }
} 

##########method 2##########

limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;
server {
location /mylocation/ {
                            limit_req zone=one burst=5 nodelay;
                            proxy_pass http://my_server/mylocation/;
                            proxy_set_header Host $host:$server_port;                       
         }
} 



How can I do it?




Tong
_______________________________________________
nginx mailing list
nginx at nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20171201/ecc74110/attachment.html>

More information about the nginx mailing list