exception for NGINX limit_req_zone
Francis Daly
francis at daoine.org
Sat Jul 21 20:08:20 UTC 2012
On Sat, Jul 21, 2012 at 10:26:23AM +0800, fhal wrote:
Hi there,
> I tried to use map, but it doesn't work. Below is the settings.
It seems to work for me, in a slightly different test:
> map $arg_mod $forum_limit {
> default $binary_remote_addr;
> image '';
> }
> limit_conn_zone $forum_limit zone=addr:128m;
> limit_req_zone $forum_limit zone=refresh:128m rate=3r/s;
I use "rate=1r/m", because that makes it very easy to see that things
are being blocked or not. But otherwise, those 6 lines are in nginx.conf.
server {
location = /file {
limit_req zone=refresh burst=2 nodelay;
}
}
Now test:
for i in a b c d; do curl http://127.0.0.1:8000/file?mod=im; sleep 1; done
gives me "file contents" 3 times, and then the 503 Service Temporarily
Unavailable message.
for i in a b c d; do curl http://127.0.0.2:8000/file?mod=im; sleep 1; done
is the same, while
for i in a b c d; do curl http://127.0.0.1:8000/file?mod=image; sleep 1; done
gives me "file contents" 4 times. Repeat the first command, and I get
503 4 times; repeat the last, and I get "file contents" 4 times.
That looks to me like the thing is restricted by ip address to 1 request
per minute, bursting to 2 extra; unless "mod=image" is included, in
which case there is no restriction.
Note that I haven't tested limit_conn here, just limit_req, because that
is easier to build a test case for.
Does that test work or fail for you?
When I repeat the test with a fastcgi_pass configuration, instead of just
loading a file, I see the same results.
All the best,
f
--
Francis Daly francis at daoine.org
More information about the nginx
mailing list