geo-ip + nginx
Payam Chychi
pchychi at gmail.com
Thu May 28 19:46:13 MSD 2009
2009/5/28 Igor Sysoev <is at rambler-co.ru>:
> On Thu, May 28, 2009 at 08:21:16AM -0700, Payam Chychi wrote:
>
>> hey guys,
>>
>> anyone know the upper limits of number of acl lines for geo-ip /w
>> nginx? I have a list of 7000 lines and i feel that i might be hitting
>> a performance wall at 20-30mbps of request (6-9k req/sec)
>> boxes im using are xeon 2.4ghz+ dual core/dual proc + 4gig ram
>
> If you use geo variables, then there is no limit.
> I use about 200,000 addresses.
>
>
> --
> Igor Sysoev
> http://sysoev.ru/en/
>
>
I see, so I assume you load the entire 200k list once, then refer back
to it for one/or/more configs? the way i am doing it is I have 1
global list that applies to all configs then I also have a 2nd list
that applies to individual configs.
1st list drops all known bad hosts (default = ddos)
2nd list allows connections only from particular sources that match
the list (default = 0)
ever have any issues loading multiple lists in geo with different variables?
ex:
    location / {
        if ( $ddos_ru = ddos ){
            return 403;
            break;
        }
        if ( $geo2 = 0 ) {
            return 403;
            break;
        }
        proxy_pass http://LB_HTTP_x.x.x.x;
        proxy_intercept_errors on;
        proxy_cache one;
        proxy_cache_key x.x.x.x$request_uri;
        proxy_cache_valid 200 1h;
        proxy_cache_valid 404 5m;
        proxy_cache_use_stale error timeout invalid_header;
    }
--
Payam Tarverdyan Chychi
Network Security Specialist / Network Engineer
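
An added example, not part of the original message and not the poster's configuration: one way the two lists discussed above can be declared as separate geo variables and folded into a single access decision. The variable names $ddos_ru and $geo2 come from the post; the file paths, sample networks, the "ok" value, the $deny_request variable and the upstream address are constructed placeholders, and the deny list is assumed to map listed networks to "ddos".

```nginx
# http {} context. Each geo block is read once when the configuration is
# loaded or reloaded, and every request then does one lookup per variable.

# Global list: listed networks get "ddos", everything else "ok" (assumed).
geo $ddos_ru {
    default  ok;
    include  /etc/nginx/geo/ddos_ru.conf;     # lines like: 192.0.2.0/24 ddos;
}

# Per-site list: default 0 as in the post, listed sources get 1.
geo $geo2 {
    default  0;
    include  /etc/nginx/geo/site_allow.conf;  # lines like: 198.51.100.0/24 1;
}

# Fold both lookups into one flag so each location needs a single test.
map "$ddos_ru:$geo2" $deny_request {
    default  1;   # anything not explicitly allowed is denied
    "ok:1"   0;   # not on the global list and present on the site list
}

server {
    listen 80;

    location / {
        if ($deny_request) {
            return 403;
        }
        proxy_pass http://127.0.0.1:8080;     # placeholder upstream
    }
}
```

Running `nginx -t` after regenerating either include file catches malformed entries before a reload.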