<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto">So what exactly are you trying to protect against?<div>Against “bad people” or “my website is busier than I think I can handle?”<br><br><div id="AppleMailSignature">Sent from my iPhone</div><div><br>On Nov 30, 2017, at 6:52 AM, "<a href="mailto:tongshushan@migu.cn">tongshushan@migu.cn</a>" <<a href="mailto:tongshushan@migu.cn">tongshushan@migu.cn</a>> wrote:<br><br></div><blockquote type="cite"><div><meta http-equiv="content-type" content="text/html; charset=UTF-8"><style>body { line-height: 1.5; }blockquote { margin-top: 0px; margin-bottom: 0px; margin-left: 0.5em; }p { margin-top: 0px; margin-bottom: 0px; }div.FoxDiv20171130195104879389 { line-height: initial; background-image: initial; background-color: rgb(255, 255, 255); }body { font-size: 10.5pt; font-family: 'Microsoft YaHei UI'; color: rgb(0, 0, 0); line-height: 1.5; }</style>
<div><span style="font-family: calibri, sans-serif; font-size: 12px; line-height: normal; text-align: justify; white-space: nowrap;"> </span><span style="font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; font-size: medium; line-height: normal; background-color: window;"> </span><span style="font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; font-size: medium; line-height: normal; background-color: window;"><b>a limit of two connections per address</b> is just a example.</span></div><div><span style="font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; font-size: medium; line-height: normal;"> What does 2000 requests mean? Is that per second?   <font color="#0000ff">yes，it's QPS.</font></span></div>
<div><br></div><hr style="width: 210px; height: 1px;" color="#b5c4df" size="1" align="left">
<div><span><div style="MARGIN: 10px; FONT-FAMILY: verdana; FONT-SIZE: 10pt"><p style="margin: 3.75pt 0cm; orphans: 2; widows: 2; font-size: 14px; font-family: 微软雅黑; line-height: 21px;"><span style="font-size: 9pt; font-family: 微软雅黑, sans-serif;">童树山</span><span style="font-size: 9pt; font-family: 微软雅黑, sans-serif;"></span></p><p style="margin: 3.75pt 0cm; orphans: 2; widows: 2; font-size: 14px; font-family: 微软雅黑; line-height: 21px;"><span style="font-size: 9pt; font-family: 微软雅黑, sans-serif;">咪咕视讯科技有限公司 研发部</span></p><p style="margin: 3.75pt 0cm; orphans: 2; widows: 2; font-size: 14px; font-family: 微软雅黑; line-height: 21px;"><span style="font-size: 9pt; font-family: 微软雅黑, sans-serif;">Mobile</span><span style="font-size: 9pt; font-family: 微软雅黑, sans-serif;">：13818663262</span></p><p style="margin: 3.75pt 0cm; orphans: 2; widows: 2; font-size: 14px; font-family: 微软雅黑; line-height: 21px;"><span style="font-size: 9pt; font-family: 微软雅黑, sans-serif;">Telephone</span><span style="font-size: 9pt; font-family: 微软雅黑, sans-serif;">：021-51856688(81275)</span></p><div style="font-size: 13.3333px; orphans: 2; widows: 2;"><span style="font-size: 9pt; font-family: 微软雅黑, sans-serif; line-height: 21px; background-color: window;">Email</span><span style="font-size: 9pt; font-family: 微软雅黑, sans-serif; line-height: 21px; background-color: window;">：</span><a href="mailto:tongshushan@migu.cn" target="_blank" style="font-size: 10pt; line-height: 1.5; background-color: window;">tongshushan@migu.cn</a></div></div></span></div>
<blockquote style="margin-Top: 0px; margin-Bottom: 0px; margin-Left: 0.5em"><div> </div><div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm"><div style="PADDING-RIGHT: 8px; PADDING-LEFT: 8px; FONT-SIZE: 12px;FONT-FAMILY:tahoma;COLOR:#000000; BACKGROUND: #efefef; PADDING-BOTTOM: 8px; PADDING-TOP: 8px"><div><b>发件人：</b> <a href="mailto:lists@lazygranch.com">Gary</a></div><div><b>发送时间：</b> 2017-11-30 17:44</div><div><b>收件人：</b> <a href="mailto:nginx@nginx.org">nginx</a></div><div><b>主题：</b> Re: 回复: How to control the total requests in Ngnix</div></div></div><div><div class="FoxDiv20171130195104879389">
<div id="response_container_BBPPID" style="outline:none;font-size:initial;font-family:"Calibri","Slate Pro",sans-serif,"sans-serif"" dir="auto" contenteditable="false"> <div name="BB10" dir="auto" style="width: 100%; padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);">I think a limit of two connections per address is too low. I know that tip pages suggest a low limit in so-called anti-DDOS (really just flood protection). Some large carriers can generate 30+ connections per IP, probably because they lack sufficient IPV4 address space for their millions of users. This is based on my logs. I used to have a limit of 10 and it was reached quite often just from corporate users. </div><div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width: 100%; padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"><br></div><div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width: 100%; padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);">The 10 per second rate is fine, and probably about as low as you should go. </div><div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width: 100%; padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"><br></div><div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width: 100%; padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);">What does 2000 requests mean? Is that per second? </div><div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width: 100%; padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"><br></div>                                                                                                                                      <div name="BB10" dir="auto" style="width: 100%; padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"> <br style="display:initial"></div>                            <div id="blackberry_signature_BBPPID" name="BB10" dir="auto">     <div name="BB10" dir="auto" style="padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"></div> </div></div><div id="_original_msg_header_BBPPID" dir="auto">                                                                                                                                             <table width="100%" style="background-color: white; border-spacing: 0px; display: table; outline: none;" contenteditable="false"><tbody><tr><td colspan="2" style="padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);">                           <div style="border-right: none; border-bottom: none; border-left: none; border-image: initial; border-top: 1pt solid rgb(181, 196, 223); padding: 3pt 0in 0in; font-family: Tahoma, "BB Alpha Sans", "Slate Pro"; font-size: 10pt;">  <div id="from"><b>From:</b> <a href="mailto:tongshushan@migu.cn">tongshushan@migu.cn</a></div><div id="sent"><b>Sent:</b> November 30, 2017 1:14 AM</div><div id="to"><b>To:</b> <a href="mailto:nginx@nginx.org">nginx@nginx.org</a></div><div id="reply_to"><b>Reply-to:</b> <a href="mailto:nginx@nginx.org">nginx@nginx.org</a></div><div id="subject"><b>Subject:</b> 回复: How to control the total requests in Ngnix</div></div></td></tr></tbody></table> <br> </div><!--start of _originalContent --><div name="BB10" dir="auto" style="background-image: initial; line-height: initial; outline: none;" contenteditable="false"><div id="ssc19785" style="line-height: 1.5; font-size: 10.5pt; font-family: 'Microsoft YaHei UI'; color: rgb(0, 0, 0);"><div><div><span style="font-size:10.5pt;line-height:1.5">Additional:</span><span style="font-size:10.5pt;line-height:1.5"> the total requests will be sent from different client ips.</span></div><div><br></div><hr style="width:210px;min-height:1px" size="1" align="left"><div><div style="margin:10px;font-family:'verdana';font-size:10pt"><p style="margin: 0px 0cm; font-size: 14px; font-family: 微软雅黑; line-height: 21px;"><span style="font-family:'微软雅黑' , sans-serif;font-size:12px">Tong</span></p></div></div><blockquote style="margin-top:0px;margin-bottom:0px;margin-left:0.5em"><div> </div><div style="border:none;border-top:solid #b5c4df 1pt;padding:3pt 0cm 0cm 0cm"><div style="padding-right:8px;padding-left:8px;font-size:12px;font-family:'tahoma';color:#000000;background:#efefef;padding-bottom:8px;padding-top:8px"><div><b>发件人：</b> <a href="mailto:tongshushan@migu.cn">tongshushan@migu.cn</a></div><div><b>发送时间：</b> <a href="tel:2017113017">2017-11-30 17</a>:12</div><div><b>收件人：</b> <a href="mailto:nginx@nginx.org">nginx</a></div><div><b>主题：</b> How to control the total requests in Ngnix</div></div></div><div><div class="FoxDiv20171130171306556031">
<div>Hi guys,</div><div><br></div><div>I want to use ngnix to protect my system,to allow max 2000 requests sent to my service(http location).</div><div>The below configs are only for per client ip,not for the <span style="font-size:10.5pt;line-height:1.5"><b>total </b>requests control.</span></div><div><table border="1" cellpadding="2" cellspacing="0" style="font-size:10pt;border-collapse:collapse" width="50%"><tbody><tr><td width="100%" nowrap="">
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt"><span style="font-family:'verdana';font-size:small">##########method 1##########</span></span></p><p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt"><br></span></p><p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">limit_conn_zone
$binary_remote_addr zone=addr:10m;</span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">server {<!-- --></span></p>
<p class="MsoNormal" style="text-indent:21pt;margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">location /mylocation/ {<!-- --></span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">                            <b>limit_conn addr 2;</b></span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">                            proxy_pass
<a href="http://my_server/mylocation/">http://my_server/mylocation/</a>;</span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">                            proxy_set_header
Host $host:$server_port;                       </span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">         }</span></p>
<font size="2" face="Verdana"><div><span style="font-family:'calibri' , sans-serif;font-size:9pt;line-height:1.5">}</span> </div><div><br></div><div>##########method 2##########</div><div><br></div><div>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">limit_req_zone
$binary_remote_addr zone=one:10m<b>
rate=10r/s</b>;</span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">server {<!-- --></span></p>
<p class="MsoNormal" style="text-indent:21pt;margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">location /mylocation/ {<!-- --></span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">                            <b>limit_req zone=one burst=5 nodelay;</b></span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">                            proxy_pass
<a href="http://my_server/mylocation/">http://my_server/mylocation/</a>;</span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">                            proxy_set_header
Host $host:$server_port;                       </span></p>
<p class="MsoNormal" style="margin:0px 0cm;text-align:justify;font-size:10.5pt;font-family:'calibri' , sans-serif"><span style="font-size:9pt">         }</span></p>
<span style="font-size:9pt;font-family:'calibri' ,">}</span>
</div><div><br></div><div><br></div></font></td></tr></tbody></table></div><div><br></div><div>How can I do it?</div><div><br></div>
<div><br></div><hr style="width:210px;min-height:1px" size="1" align="left">
<div><span style="font-size:12px"><div style="margin:10px"><p style="margin:0px 0cm;line-height:21px"><font face="微软雅黑, sans-serif">Tong</font></p></div></span></div>
</div></div></blockquote></div></div><!--end of _originalContent --></div></div></div></blockquote>
</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>nginx mailing list</span><br><span><a href="mailto:nginx@nginx.org">nginx@nginx.org</a></span><br><span><a href="http://mailman.nginx.org/mailman/listinfo/nginx">http://mailman.nginx.org/mailman/listinfo/nginx</a></span></div></blockquote></div></body></html>