Server hardening without "If" conditions
Igor Sysoev
igor at sysoev.ru
Wed Jun 1 17:13:01 MSD 2011
On Wed, Jun 01, 2011 at 08:47:48AM -0400, pk899 wrote:
> Hi. I notice that nginx with just the location rules and usual
> directives results in mind-blowing performance. Apache Bench test shows
> "115,000 requests per second" can be handled.
>
> However, when I add a simple rule:
>
> if ($request_method !~ ^(GET|HEAD|POST)$ ) {
> return 444;
> }
>
> Which I think is important from a point of view of getting rid of so
> much junk that hits any modern server, the requests per second fall to
> "1,200" !!!
>
> Is there any way around this? I would, if possible, prefer that my main
> web server be able to handle such basic stuff.
It's strange result. The "if" and regex slow down processing,
but not by 3 orders of magnitude.
--
Igor Sysoev
More information about the nginx
mailing list