<html><head><meta http-equiv="Content-Security-Policy" content="script-src 'self'; img-src * cid: data:;"></head><body style="background-color: rgb(255, 255, 255); background-image: initial; line-height: initial;"><div id="response_container_BBPPID" style="outline:none;font-size:initial;font-family:"Calibri","Slate Pro",sans-serif,"sans-serif"" dir="auto" contenteditable="false"> <div name="BB10" dir="auto" style="width: 100%; padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);">I think a limit of two connections per address is too low. I know that tip pages suggest a low limit in so-called anti-DDOS (really just flood protection). Some large carriers can generate 30+ connections per IP, probably because they lack sufficient IPV4 address space for their millions of users. This is based on my logs. I used to have a limit of 10 and it was reached quite often just from corporate users. </div><div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width: 100%; padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"><br></div><div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width: 100%; padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);">The 10 per second rate is fine, and probably about as low as you should go. </div><div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width: 100%; padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"><br></div><div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width: 100%; padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);">What does 2000 requests mean? Is that per second? </div><div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width: 100%; padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"><br></div>                                                                                                                                      <div name="BB10" dir="auto" style="width: 100%; padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"> <br style="display:initial"></div>                            <div id="blackberry_signature_BBPPID" name="BB10" dir="auto">     <div name="BB10" dir="auto" style="padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"></div> </div></div><div id="_original_msg_header_BBPPID" dir="auto">                                                                                                                                             <table width="100%" style="background-color: white; border-spacing: 0px; display: table; outline: none;" contenteditable="false"><tbody><tr><td colspan="2" style="padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);">                           <div style="border-right: none; border-bottom: none; border-left: none; border-image: initial; border-top: 1pt solid rgb(181, 196, 223); padding: 3pt 0in 0in; font-family: Tahoma, "BB Alpha Sans", "Slate Pro"; font-size: 10pt;">  <div id="from"><b>From:</b> tongshushan@migu.cn</div><div id="sent"><b>Sent:</b> November 30, 2017 1:14 AM</div><div id="to"><b>To:</b> nginx@nginx.org</div><div id="reply_to"><b>Reply-to:</b> nginx@nginx.org</div><div id="subject"><b>Subject:</b> 回复: How to control the total requests in Ngnix</div></div></td></tr></tbody></table> <br> </div><!--start of _originalContent --><div name="BB10" dir="auto" style="background-image: initial; line-height: initial; outline: none;" contenteditable="false"><div id="ssc19785"><style>#ssc19785{line-height: 1.5;}#ssc19785 blockquote{margin-top: 0px;margin-bottom: 0px;margin-left: 0.5em;}#ssc19785 p{margin-top: 0px;margin-bottom: 0px;}#ssc19785{font-size: 10.5pt;font-family: "Microsoft YaHei UI";color: rgb(0, 0, 0);line-height: 1.5;}</style><div><div><span style="font-size:10.5pt;line-height:1.5">Additional:</span><span style="font-size:10.5pt;line-height:1.5"> the total requests will be sent from different client ips.</span></div><div><br></div><hr style="width:210px;min-height:1px" size="1" align="left"><div><div style="margin:10px;font-family:'verdana';font-size:10pt"><p style="margin:3.75pt 0cm;font-size:14px;font-family:'微软雅黑';line-height:21px"><span style="font-family:'微软雅黑' , sans-serif;font-size:12px">Tong</span></p></div></div><blockquote style="margin-top:0px;margin-bottom:0px;margin-left:0.5em"><div> </div><div style="border:none;border-top:solid #b5c4df 1pt;padding:3pt 0cm 0cm 0cm"><div style="padding-right:8px;padding-left:8px;font-size:12px;font-family:'tahoma';color:#000000;background:#efefef;padding-bottom:8px;padding-top:8px"><div><b>发件人：</b> <a href="mailto:tongshushan@migu.cn">tongshushan@migu.cn</a></div><div><b>发送时间：</b> <a href="tel:2017113017">2017-11-30 17</a>:12</div><div><b>收件人：</b> <a href="mailto:nginx@nginx.org">nginx</a></div><div><b>主题：</b> How to control the total requests in Ngnix</div></div></div><div><div class="FoxDiv20171130171306556031">
<div>Hi guys,</div><div><br></div><div>I want to use ngnix to protect my system,to allow max 2000 requests sent to my service(http location).</div><div>The below configs are only for per client ip,not for the <span style="font-size:10.5pt;line-height:1.5"><b>total </b>requests control.</span></div><div><table border="1" cellpadding="2" cellspacing="0" style="font-size:10pt;border-collapse:collapse" width="50%"><tbody><tr><td width="100%" nowrap="">



<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt"><span style="font-family:'verdana';font-size:small">##########method 1##########</span></span></p><p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt"><br></span></p><p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">limit_conn_zone
$binary_remote_addr zone=addr:10m;</span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">server {<!-- --></span></p>
<p class="MsoNormal" style="text-indent:21pt;margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">location /mylocation/ {<!-- --></span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">                            <b>limit_conn addr 2;</b></span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">                            proxy_pass
http://my_server/mylocation/;</span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">                            proxy_set_header
Host $host:$server_port;                       </span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">         }</span></p>
<font size="2" face="Verdana"><div><span style="font-family:'calibri' , sans-serif;font-size:9pt;line-height:1.5">}</span> </div><div><br></div><div>##########method 2##########</div><div><br></div><div>



<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">limit_req_zone
$binary_remote_addr zone=one:10m<b>
rate=10r/s</b>;</span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">server {<!-- --></span></p>
<p class="MsoNormal" style="text-indent:21pt;margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">location /mylocation/ {<!-- --></span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">                            <b>limit_req zone=one burst=5 nodelay;</b></span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">                            proxy_pass
http://my_server/mylocation/;</span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">                            proxy_set_header
Host $host:$server_port;                       </span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">         }</span></p>
<span style="font-size:9pt;font-family:'calibri' ,">}</span>
</div><div><br></div><div><br></div></font></td></tr></tbody></table></div><div><br></div><div>How can I do it?</div><div><br></div>
<div><br></div><hr style="width:210px;min-height:1px" size="1" align="left">
<div><span style="font-size:12px"><div style="margin:10px"><p style="margin:0px 0cm;line-height:21px"><font face="微软雅黑, sans-serif">Tong</font></p></div></span></div>
</div></div></blockquote></div></div><!--end of _originalContent --></div></body></html>