Server hardening without "If" conditions

pk899 nginx-forum at nginx.us
Wed Jun 1 17:02:23 MSD 2011


ktm2 Wrote:
-------------------------------------------------------
> On Wed, Jun 01, 2011 at 08:47:48AM -0400, pk899
> wrote:
> > Hi. I notice that nginx with just the location
> rules and usual
> > directives results in mind-blowing performance.
> Apache Bench test shows
> > "115,000 requests per second" can be handled. 
> > 
> > However, when I add a simple rule: 
> > 
> >     if ($request_method !~ ^(GET|HEAD|POST)$ ) {
> >       return 444;
> >     }
> > 
> > Which I think is important from a point of view
> of getting rid of so
> > much junk that hits any modern server, the
> requests per second fall to
> > "1,200" !!!
> > 
> > Is there any way around this? I would, if
> possible, prefer that my main
> > web server be able to handle such basic stuff. 
> > 
> > Welcome any thoughts. Thanks!
> > 
> > Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,202965,202965#ms
> g-202965
> > 
> 
> Well, the test you added includes the regular
> expression calculations as well.
> Can nginx use three simpler exact string matches
> instead? It may be faster.
> 
> Cheers,
> Ken 



Thanks Ken. How would you write this though? 

    if ($request_method != "GET"  and $request_method != "POST" and
$request_method != "HEAD") {
      return 444;
    }

This is not correct syntax?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,202965,202969#msg-202969




More information about the nginx mailing list