Limiting number of client TLS connections

Zero King l2dy at aosc.io
Mon Nov 20 15:29:39 UTC 2023


Hi Maxim,

Thanks for your reply!

In our case, a layer-4 firewall is difficult to introduce in the request
path. Would you consider rate limiting in Nginx a valid feature request?

On 19/11/23 08:11, Maxim Dounin wrote:
> Hello!
>
> On Sat, Nov 18, 2023 at 02:44:20PM +0800, Zero King wrote:
>
>> I want Nginx to limit the rate of new TLS connections and the total (or
>> per-worker) number of all client-facing connections, so that under a
>> sudden surge of requests, existing connections can get enough share of
>> CPU to be served properly, while excessive connections are rejected and
>> retried against other servers in the cluster.
>>
>> I am running Nginx on a managed Kubernetes cluster, so tuning kernel
>> parameters or configuring a layer 4 firewall is not an option.
>>
>> To serve existing connections well, worker_connections can not be used,
>> because it also affects connections with proxied servers.
>>
>> Is there a way to implement these measures in Nginx configuration?
> No, nginx does not provide a way to limit the rate of new connections
> and/or the total number of established connections.  Instead, a firewall
> is expected to be used for such tasks.
>

