Server hardening without "If" conditions
pk899
nginx-forum at nginx.us
Wed Jun 1 17:02:23 MSD 2011
ktm2 Wrote:
-------------------------------------------------------
> On Wed, Jun 01, 2011 at 08:47:48AM -0400, pk899
> wrote:
> > Hi. I notice that nginx with just the location
> rules and usual
> > directives results in mind-blowing performance.
> Apache Bench test shows
> > "115,000 requests per second" can be handled.
> >
> > However, when I add a simple rule:
> >
> > if ($request_method !~ ^(GET|HEAD|POST)$ ) {
> > return 444;
> > }
> >
> > Which I think is important from a point of view
> of getting rid of so
> > much junk that hits any modern server, the
> requests per second fall to
> > "1,200" !!!
> >
> > Is there any way around this? I would, if
> possible, prefer that my main
> > web server be able to handle such basic stuff.
> >
> > Welcome any thoughts. Thanks!
> >
> > Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,202965,202965#ms
> g-202965
> >
>
> Well, the test you added includes the regular
> expression calculations as well.
> Can nginx use three simpler exact string matches
> instead? It may be faster.
>
> Cheers,
> Ken
Thanks Ken. How would you write this though?
if ($request_method != "GET" and $request_method != "POST" and
$request_method != "HEAD") {
return 444;
}
This is not correct syntax?
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,202965,202969#msg-202969
More information about the nginx
mailing list