This article explains how to configure Nginx to defend against traffic-based attacks. It gives a detailed introduction and sample configuration, which should be a useful reference for anyone who needs it.
Server resources are limited, but requests from clients are not (and malicious attacks cannot be ruled out). To make sure most requests are still answered normally, we have to turn some client requests away, so we use Nginx rate limiting. This relieves pressure on the server to a great extent, so that other, normal requests can still be served.
How do we use Nginx to implement basic rate limiting, such as limiting a single IP to 50 visits per second? With the Nginx rate-limiting modules, we can arrange that once the number of concurrent connections exceeds our setting, a 503 error is returned to the client. This can be very effective in preventing CC attacks. Combined with the iptables firewall, CC attacks can basically be ignored. Let's take a look at the details:
How to use
conf configuration
Configuring the 503 error
By default, if the limit is exceeded, a 503 error will be reported, prompting:
There is nothing wrong with this display, but it is not friendly enough. Here we customize the 503 error.
Configuration instructions
limit_conn_zone
This defines a container (a shared memory zone) that stores session state for each IP. In this example a 100m container is defined; at 32 bytes per session, it can handle 3200000 sessions.
limit_rate 300k;
The speed limit for each connection is 300k. Note that this limit applies per connection, not per IP. If an IP is allowed two concurrent connections, the effective limit for that IP is limit_rate×2.
burst=5;
This is like placing 5 seats next to the req checkpoint. If a request is stopped for exceeding the rate limit, it is told to take an empty seat and wait in line; once the checkpoint is free, it can pass. If even the seats are full, the request is turned away directly and the client gets a server-busy response. So burst has nothing to do with request_rate: if it is set to 10000, 10,000 requests can be queued, but the checkpoint still releases only 5 requests per second (turtle speed). A request cannot queue forever either, so nginx also sets a timeout: if the wait in the queue exceeds a certain time, the request is turned away with a server-busy response.
The configuration above requires Nginx to be built with the following modules:
Run the command nginx -V
to check whether they are installed.
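A configuration that combines the directives explained above, added here as an illustration; it is not the article's original listing. The zone names, `server_name`, document root, the size of the request zone and the `limit_conn` value of 2 are assumptions; 100m, 50 requests per second, burst=5 and 300k are the values the article mentions.

```nginx
# Added example, not the article's original listing.
# Zone names, server_name, paths and the limit_conn value are assumptions.
events {}

http {
    # Per-IP connection state, keyed on the compact binary client address.
    # Behind a reverse proxy or CDN this is the proxy's address unless the
    # realip module is configured, so every client would share one bucket.
    limit_conn_zone $binary_remote_addr zone=perip_conn:100m;

    # Per-IP request rate: 50 requests per second (zone size 10m is assumed).
    limit_req_zone  $binary_remote_addr zone=perip_req:10m rate=50r/s;

    # 503 is already the default rejection status; it is set explicitly so
    # the error_page mapping below is visibly tied to the limiters.
    limit_conn_status 503;
    limit_req_status  503;

    # Log rejections at warn so throttling is easy to find in error.log.
    limit_conn_log_level warn;
    limit_req_log_level  warn;

    server {
        listen 80;
        server_name example.com;        # placeholder
        root /usr/share/nginx/html;     # assumed document root

        # Friendlier page for throttled clients.
        error_page 503 /503.html;
        location = /503.html {
            internal;                   # reachable only through error_page
        }

        location / {
            limit_conn perip_conn 2;            # max 2 concurrent connections per IP
            limit_req  zone=perip_req burst=5;  # queue up to 5 excess requests, reject the rest
            limit_rate 300k;                    # per connection: 2 connections = up to 600k per IP
        }
    }
}
```

Validate the file with `nginx -t` before reloading.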
Summary
That is all for this article. I hope its content is of some help to your study or work.