Summary of Nginx reverse proxy front-end rate limiting (limit modules)
For the ngx_http_limit_conn_module and ngx_http_limit_req_module modules, and for the echo (requires installing the third-party ngx_http_echo_module), map (ngx_http_map_module, installed by default) and geo (ngx_http_geo_module, installed by default) directives, please check the official documentation; I won't repeat them here.
There are four situations:
1. Rate limit configuration without a CDN
2. Rate limit configuration behind a CDN
3. Without a CDN, no whitelist
4. Behind a CDN, no whitelist
First, one point to explain:
geo: an IP entry can be a single address or a network segment, as long as it is valid CIDR.
map: an IP entry must be a single address, because map compares against the value of a variable.
Whitelisted IPs behind a CDN: only the client IP is needed, not the CDN's, and the client IPs must be written one per line.
Whitelisted IPs without a CDN: a network segment can be written.
Key point: when $limited is empty, the rate limit is not applied. When it has a value (here, when white_ip is 1), the rate limit is applied.
You can check the values with the echo module (these two examples are without a CDN):
The echo configuration in the virtual host is as follows:
location /echo {
    default_type text/plain;
    echo http_x_forwarded_for: $http_x_forwarded_for;
    echo remote_addr: $remote_addr;
    echo firstAddr: $firstAddr;
    echo clientRealIp: $clientRealIp;
    echo white_ip: $white_ip;
    # prints the rate limit key; empty means this client is not limited
    echo limited: $limited;
}
This client is rate limited (not in the whitelist):
http://123.11.11.11/echo
http_x_forwarded_for:
remote_addr: 59.12.13.14
firstAddr:
clientRealIp: 59.12.13.14
white_ip: 1
limited: 59.12.13.14
This client is not rate limited (in the whitelist):
http://123.11.11.11/echo
http_x_forwarded_for:
remote_addr: 114.11.183.6
firstAddr:
clientRealIp: 114.11.183.6
white_ip: 0
limited:
1. Rate limit configuration without a CDN
Configuration in nginx.conf:
# geo matches the connecting address, so CIDR ranges are allowed
geo $white_ip {
    default 1;
    127.0.0.1 0;
    59.12.13.14 0;
    61.11.12.0/24 0;
    # ......
}
# whitelisted clients (0) get an empty key and are not limited
map $white_ip $limited {
    1 $binary_remote_addr;
    0 "";
}
limit_conn_zone $limited zone=addr:10m;
limit_req_zone $limited zone=one:10m rate=50r/s;
limit_req_log_level info;
limit_conn_log_level info;
Applied in the vhost configuration file of the specific domain name:
location / {
    limit_req zone=one burst=5 nodelay;
    limit_conn addr 100;
    proxy_pass http://my_test_com;
}
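2. Rate limit configuration behind a CDN
Configuration in nginx.conf:
# first address in X-Forwarded-For, or the connecting address when the header is absent
map $http_x_forwarded_for $clientRealIpnormal {
    "" $remote_addr;
    ~^(?P<firstAddr>[0-9\.]+),?.*$ $firstAddr;
}
# prefer the CDN's source-IP header when present, else fall back to the result above
map $http_http_cdn_src_ip $clientRealIp {
    "" $clientRealIpnormal;
    default $http_http_cdn_src_ip;
}
# map compares strings, so each whitelisted client IP is written on its own line
map $clientRealIp $white_ip {
    default 1;
    127.0.0.1 0;
    59.12.13.14 0;
    # ......
}
# whitelisted clients (0) get an empty key and are not limited
map $white_ip $limited {
    1 $clientRealIp;
    0 "";
}
limit_conn_zone $limited zone=addr:10m;
limit_req_zone $limited zone=one:10m rate=30r/s;
limit_req_zone $limited zone=two:10m rate=20r/s;
limit_req_log_level info;
limit_conn_log_level info;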
Applied in the vhost configuration file of the specific domain name:
location / {
    limit_req zone=two burst=1 nodelay;
    proxy_pass http://mynew_test_com;
}
3. Without a CDN, no whitelist
Configuration in nginx.conf:
limit_conn_zone $binary_remote_addr zone=addr:10m;
limit_req_zone $binary_remote_addr zone=one:10m rate=50r/s;
limit_req_log_level info;
limit_conn_log_level info;
Applied in the vhost configuration file of the specific domain name:
location / {
    limit_req zone=one burst=5 nodelay;
    limit_conn addr 100;
    proxy_pass http://my_test_com;
}
4. Behind a CDN, no whitelist
Configuration in nginx.conf:
# first address in X-Forwarded-For, or the connecting address when the header is absent
map $http_x_forwarded_for $clientRealIp {
    "" $remote_addr;
    ~^(?P<firstAddr>[0-9\.]+),?.*$ $firstAddr;
}
# the zones are keyed on the variable defined by the map above
limit_conn_zone $clientRealIp zone=addr:10m;
limit_req_zone $clientRealIp zone=one:10m rate=50r/s;
limit_req_log_level info;
limit_conn_log_level info;
Applied in the vhost configuration file of the specific domain name:
location / {
    limit_req zone=one burst=5 nodelay;
    limit_conn addr 100;
    proxy_pass http://my_test_com;
}
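The maps in cases 2 and 4 take the client address from request headers no matter which peer sent them, and a header value the regex does not match gives an empty key, which is not limited. The variant below is an added example, not part of the original article: it accepts X-Forwarded-For only from the CDN's own addresses, after which geo and CIDR whitelists work as in case 1. It assumes nginx is built with ngx_http_realip_module; 203.0.113.0/24 and 198.51.100.0/24 are placeholders for your CDN's published egress ranges.

```nginx
# Added example. These directives go in the http {} context of nginx.conf.
# Placeholder ranges: replace with the CDN's real egress ranges.
set_real_ip_from  203.0.113.0/24;
set_real_ip_from  198.51.100.0/24;

# Only when the connecting peer is in a range above is the address
# replaced by the one taken from this header.
real_ip_header    X-Forwarded-For;

# Search the header from right to left and use the last address that is
# not a trusted proxy, so entries prepended by a client are ignored.
real_ip_recursive on;

# After realip, the connecting address is the client address for CDN
# traffic and the socket peer for direct traffic, so geo can be used.
geo $white_ip {
    default        1;
    127.0.0.1      0;
    59.12.13.14    0;
    61.11.12.0/24  0;
}

# Non-whitelisted clients always get a non-empty key.
map $white_ip $limited {
    1 $binary_remote_addr;
    0 "";
}

limit_conn_zone $limited zone=addr:10m;
limit_req_zone  $limited zone=two:10m rate=20r/s;
limit_req_log_level  info;
limit_conn_log_level info;

# In the vhost configuration file of the specific domain name:
# location / {
#     limit_req  zone=two burst=1 nodelay;
#     limit_conn addr 100;
#     proxy_pass http://mynew_test_com;
# }
```

The address of the connecting CDN node remains available as $realip_remote_addr if it is needed in logs.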