<html><head><meta http-equiv="Content-Security-Policy" content="script-src 'self'; img-src * cid: data:;"></head><body style="background-color: rgb(255, 255, 255); background-image: initial; line-height: initial;"><div id="response_container_BBPPID" style="outline:none;font-size:initial;font-family:"Calibri","Slate Pro",sans-serif,"sans-serif"" dir="auto" contenteditable="false"> <div name="BB10" dir="auto" style="width: 100%; padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);">It would be nice if all the requests were from different IP addresses. In real life, particularly with IPV4, you will get multiple connections from single IP addresses since they sit behind a nat router. </div><div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width: 100%; padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"><br></div><div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width: 100%; padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);">I do the connection limiting in the firewall with Nginx limiting as a backup. This makes it easier to detect when limiting occurs. That is the limiting shows up in the security log. </div>                                                                                                                                      <div name="BB10" dir="auto" style="width: 100%; padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"> <br style="display:initial"></div>                            <div id="blackberry_signature_BBPPID" name="BB10" dir="auto">     <div name="BB10" dir="auto" style="padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"></div> </div></div><div id="_original_msg_header_BBPPID" dir="auto">                                                                                                                                             <table width="100%" style="background-color: white; border-spacing: 0px; display: table; outline: none;" contenteditable="false"><tbody><tr><td colspan="2" style="padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);">                           <div style="border-right: none; border-bottom: none; border-left: none; border-image: initial; border-top: 1pt solid rgb(181, 196, 223); padding: 3pt 0in 0in; font-family: Tahoma, "BB Alpha Sans", "Slate Pro"; font-size: 10pt;">  <div id="from"><b>From:</b> tongshushan@migu.cn</div><div id="sent"><b>Sent:</b> November 30, 2017 1:14 AM</div><div id="to"><b>To:</b> nginx@nginx.org</div><div id="reply_to"><b>Reply-to:</b> nginx@nginx.org</div><div id="subject"><b>Subject:</b> 回复: How to control the total requests in Ngnix</div></div></td></tr></tbody></table> <br> </div><!--start of _originalContent --><div name="BB10" dir="auto" style="background-image: initial; line-height: initial; outline: none;" contenteditable="false"><div id="ssc19785"><style>#ssc19785{line-height: 1.5;}#ssc19785 blockquote{margin-top: 0px;margin-bottom: 0px;margin-left: 0.5em;}#ssc19785 p{margin-top: 0px;margin-bottom: 0px;}#ssc19785{font-size: 10.5pt;font-family: "Microsoft YaHei UI";color: rgb(0, 0, 0);line-height: 1.5;}</style><div><div><span style="font-size:10.5pt;line-height:1.5">Additional:</span><span style="font-size:10.5pt;line-height:1.5"> the total requests will be sent from different client ips.</span></div><div><br></div><hr style="width:210px;min-height:1px" size="1" align="left"><div><div style="margin:10px;font-family:'verdana';font-size:10pt"><p style="margin:3.75pt 0cm;font-size:14px;font-family:'微软雅黑';line-height:21px"><span style="font-family:'微软雅黑' , sans-serif;font-size:12px">Tong</span></p></div></div><blockquote style="margin-top:0px;margin-bottom:0px;margin-left:0.5em"><div> </div><div style="border:none;border-top:solid #b5c4df 1pt;padding:3pt 0cm 0cm 0cm"><div style="padding-right:8px;padding-left:8px;font-size:12px;font-family:'tahoma';color:#000000;background:#efefef;padding-bottom:8px;padding-top:8px"><div><b>发件人:</b> <a href="mailto:tongshushan@migu.cn">tongshushan@migu.cn</a></div><div><b>发送时间:</b> <a href="tel:2017113017">2017-11-30 17</a>:12</div><div><b>收件人:</b> <a href="mailto:nginx@nginx.org">nginx</a></div><div><b>主题:</b> How to control the total requests in Ngnix</div></div></div><div><div class="FoxDiv20171130171306556031">
<div>Hi guys,</div><div><br></div><div>I want to use ngnix to protect my system,to allow max 2000 requests sent to my service(http location).</div><div>The below configs are only for per client ip,not for the <span style="font-size:10.5pt;line-height:1.5"><b>total </b>requests control.</span></div><div><table border="1" cellpadding="2" cellspacing="0" style="font-size:10pt;border-collapse:collapse" width="50%"><tbody><tr><td width="100%" nowrap="">



<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt"><span style="font-family:'verdana';font-size:small">##########method 1##########</span></span></p><p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt"><br></span></p><p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">limit_conn_zone
$binary_remote_addr zone=addr:10m;</span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">server {<!-- --></span></p>
<p class="MsoNormal" style="text-indent:21pt;margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">location /mylocation/ {<!-- --></span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">                            <b>limit_conn addr 2;</b></span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">                            proxy_pass
http://my_server/mylocation/;</span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">                            proxy_set_header
Host $host:$server_port;                       </span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">         }</span></p>
<font size="2" face="Verdana"><div><span style="font-family:'calibri' , sans-serif;font-size:9pt;line-height:1.5">}</span> </div><div><br></div><div>##########method 2##########</div><div><br></div><div>



<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">limit_req_zone
$binary_remote_addr zone=one:10m<b>
rate=10r/s</b>;</span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">server {<!-- --></span></p>
<p class="MsoNormal" style="text-indent:21pt;margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">location /mylocation/ {<!-- --></span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">                            <b>limit_req zone=one burst=5 nodelay;</b></span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">                            proxy_pass
http://my_server/mylocation/;</span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">                            proxy_set_header
Host $host:$server_port;                       </span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">         }</span></p>
<span style="font-size:9pt;font-family:'calibri' ,">}</span>
</div><div><br></div><div><br></div></font></td></tr></tbody></table></div><div><br></div><div>How can I do it?</div><div><br></div>
<div><br></div><hr style="width:210px;min-height:1px" size="1" align="left">
<div><span style="font-size:12px"><div style="margin:10px"><p style="margin:0px 0cm;line-height:21px"><font face="微软雅黑, sans-serif">Tong</font></p></div></span></div>
</div></div></blockquote></div></div><!--end of _originalContent --></div></body></html>