Nginx Rate limiting for HTTPS requests

rickGsp nginx-forum at forum.nginx.org
Tue May 15 16:20:31 UTC 2018


Hi,

I have been experimenting with Nginx rate limiting and I need some inputs on
it’s working and what can be expected from this feature. I see some
difference in what I expected from this feature going by the documentation
and what I observed in my experiments.

Here is the detail on my testing:
I have a test server running Nginx and a backend server. Nginx is configured
as HTTPS server listening on 443. I have configured Nginx as reverse proxy
to my backend. We have a proprietary tool which feeds configured number of
HTTPS requests (one request/connection) to test server and generates reports
at the end of test. Report will have details how many requests return status
as 200 and 503. 

Observation 1: 
As per my observations, more requests are getting processed with return
status as 200 than expected if input request rate to Nginx is much higher
than the rate limit configured.
For example, with the following configuration in Nginx for rate limiting,
Here are my tests:
limit_req_zone $host zone=perhost:1m rate=100r/s;
limit_req zone=perhost burst=100 nodelay;

Test1: With input as 250 req/sec and rate limit configured at 100r/s, rate
limiting works as expected since on average ~100 requests return with 200
status every second
    
Test2: With input as 500 req/sec and rate limit configured at 100r/s, rate
limiting does not work as expected since on average ~150 requests return
with 200 status every second
  
Test3: With input as 600 req/sec and rate limit configured at 100r/s, rate
limiting does not work as expected since on average ~200 requests return
with 200 status every second
  
Test4: With input as 800 req/sec and rate limit configured at 100r/s, rate
limiting does not work as expected since on average ~350 requests return
with 200 status every second

Observation 2:
On the other side, If Nginx is configured as HTTP server listening on 80,
rate limiting feature seems to be working fine for the same tests.

I am not very sure what is happening here for HTTPS based testing. One
observation I have made is that in HTTP case, requests gets processed very
quickly whereas for HTTPS case, complete transaction takes relatively
longer. Also, for low input rate of HTTPS requests transaction completion is
not taking very long where as when input rate goes up, this delay further
increase and then rate limiting start behaving unexpectedly. Can this be the
cause of this difference in anyway? Please share your inputs on this.

Thanks in advance

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,279802,279802#msg-279802



More information about the nginx mailing list