Server hardening without "If" conditions

Igor Sysoev igor at sysoev.ru
Wed Jun 1 17:13:01 MSD 2011


On Wed, Jun 01, 2011 at 08:47:48AM -0400, pk899 wrote:
> Hi. I notice that nginx with just the location rules and usual
> directives results in mind-blowing performance. Apache Bench test shows
> "115,000 requests per second" can be handled. 
> 
> However, when I add a simple rule: 
> 
>     if ($request_method !~ ^(GET|HEAD|POST)$ ) {
>       return 444;
>     }
> 
> Which I think is important from a point of view of getting rid of so
> much junk that hits any modern server, the requests per second fall to
> "1,200" !!!
> 
> Is there any way around this? I would, if possible, prefer that my main
> web server be able to handle such basic stuff. 

It's strange result. The "if" and regex slow down processing,
but not by 3 orders of magnitude.


-- 
Igor Sysoev



More information about the nginx mailing list