How to control the total requests in Ngnix

Thu Nov 30 22:25:31 UTC 2017

So what exactly are you trying to protect against?
Against “bad people” or “my website is busier than I think I can handle?”

Sent from my iPhone

> On Nov 30, 2017, at 6:52 AM, "tongshushan at migu.cn" <tongshushan at migu.cn> wrote:
> 
>   a limit of two connections per address is just a example.
>  What does 2000 requests mean? Is that per second?   yes，it's QPS.
> 
> 童树山
> 咪咕视讯科技有限公司 研发部
> Mobile：13818663262
> Telephone：021-51856688(81275)
> Email：tongshushan at migu.cn
>  
> 发件人： Gary
> 发送时间： 2017-11-30 17:44
> 收件人： nginx
> 主题： Re: 回复: How to control the total requests in Ngnix
> I think a limit of two connections per address is too low. I know that tip pages suggest a low limit in so-called anti-DDOS (really just flood protection). Some large carriers can generate 30+ connections per IP, probably because they lack sufficient IPV4 address space for their millions of users. This is based on my logs. I used to have a limit of 10 and it was reached quite often just from corporate users. 
> 
> The 10 per second rate is fine, and probably about as low as you should go. 
> 
> What does 2000 requests mean? Is that per second? 
> 
> 
> From: tongshushan at migu.cn
> Sent: November 30, 2017 1:14 AM
> To: nginx at nginx.org
> Reply-to: nginx at nginx.org
> Subject: 回复: How to control the total requests in Ngnix
> 
> Additional: the total requests will be sent from different client ips.
> 
> Tong
>  
> 发件人： tongshushan at migu.cn
> 发送时间： 2017-11-30 17:12
> 收件人： nginx
> 主题： How to control the total requests in Ngnix
> Hi guys,
> 
> I want to use ngnix to protect my system,to allow max 2000 requests sent to my service(http location).
> The below configs are only for per client ip,not for the total requests control.
> ##########method 1##########
> 
> limit_conn_zone $binary_remote_addr zone=addr:10m;
> server {
> location /mylocation/ {
>                             limit_conn addr 2;
>                             proxy_pass http://my_server/mylocation/;
>                             proxy_set_header Host $host:$server_port;                      
>          }
> } 
> 
> ##########method 2##########
> 
> limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;
> server {
> location /mylocation/ {
>                             limit_req zone=one burst=5 nodelay;
>                             proxy_pass http://my_server/mylocation/;
>                             proxy_set_header Host $host:$server_port;                      
>          }
> }
> 
> 
> 
> How can I do it?
> 
> 
> Tong
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20171130/817c4831/attachment-0001.html>