nginx connection-limiting module: ngx_http_limit_conn_module

I. Introduction

We often run into situations such as abnormal server traffic or an excessive load. High-volume malicious access wastes bandwidth, puts pressure on the server and affects the business, so it is common to put a limit on the number of connections from the same IP. This article describes how the ngx_http_limit_conn_module module meets that requirement. The module limits the number of connections per defined key, for example the number of connections from a single source IP. Not all connections are counted by the module: only connections whose request is being processed (that is, whose request headers have been completely read) are counted.

II. ngx_http_limit_conn_module directives

limit_conn_zone
Syntax: limit_conn_zone $variable zone=name:size;
Default: none
Context: http
This directive defines a shared memory zone that stores state. The state holds the current number of connections for each key; the key is the value of the given variable and can be any non-empty value (empty values are not counted). $variable defines the key, zone=name defines the zone name that the limit_conn directive refers to later, and size defines the size of the shared memory zone. For example:
limit_conn_zone $binary_remote_addr zone=addr:10m;
Note: the client's IP address is used as the key. Note the use of the $binary_remote_addr variable rather than $remote_addr. The length of $remote_addr is 7 to 15 bytes, and the stored state occupies 32 or 64 bytes on 32-bit platforms and 64 bytes on 64-bit platforms. The length of $binary_remote_addr is a fixed 4 bytes, and the stored state occupies 32 or 64 bytes on 32-bit platforms and 64 bytes on 64-bit platforms. 1M of shared space can hold 32,000 32-byte states or 16,000 64-byte states. If the shared memory zone is exhausted, the server returns a 503 (Service Temporarily Unavailable) error to all subsequent requests. The limit_zone directive is equivalent in meaning to limit_conn_zone but has been deprecated and is not described here.

limit_conn_log_level
Syntax: limit_conn_log_level info | notice | warn | error;
Default: error
Context: http, server, location
Sets the log level used for the log record written when the maximum number of connections is reached.

limit_conn
Syntax: limit_conn zone_name number;
Default: none
Context: http, server, location
Specifies the maximum number of simultaneous connections allowed for each given key value. When this number is exceeded, a 503 (Service Temporarily Unavailable) error is returned. For example:
limit_conn_zone $binary_remote_addr zone=addr:10m;
server {
    location /www.ttlsa.com/ {
        limit_conn addr 1;
    }
}
The same IP is allowed only one connection at a time. When several limit_conn directives are configured, every one of the limits is enforced. For example, the following configuration not only limits the number of connections from a single source IP but also limits the total number of connections to the virtual server:
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;
server {
    limit_conn perip 10;
    limit_conn perserver 100;
}
Warning: limit_conn directives are inherited from the previous configuration level.

limit_conn_status
Syntax: limit_conn_status code;
Default: limit_conn_status 503;
Context: http, server, location
Introduced in version 1.3.15. Sets the status code returned when the specified limit is exceeded. The default is 503.

limit_rate
Syntax: limit_rate rate;
Default: 0
Context: http, server, location, if in location
Limits the transmission rate of each connection. The rate parameter is in bytes per second; setting it to 0 turns the limit off. The limit is per connection rather than per IP, so if a client opens two connections at the same time, the client's overall rate is twice the value set by this directive.

III. Complete configuration example
http {
    limit_conn_zone $binary_remote_addr zone=limit:10m;
    limit_conn_log_level info;

    server {
        location ^~ /download/ {
            limit_conn limit 4;
            limit_rate 200k;
            alias /data/www.ttlsa.com/download/;
        }
    }
}
IV. Precautions

Everything has two sides. Although the ngx_http_limit_conn_module module can solve the concurrency problem at hand, it introduces some additional problems. If there is an LVS or reverse proxy in front of the server and this module is enabled on the back end, won't there be a great many 503 errors (every client connection then appears to come from the proxy's IP and counts against the same key)? In that case, enable the module on the front end instead, or use a whitelist; for whitelist settings see the follow-up documentation, which I will compile as a reference for readers. The module can be used in combination with ngx_http_limit_req_module for the best result; see "Nginx request limiting: the ngx_http_limit_req_module module". For reprints please indicate the source: http://www.ttlsa.com/html/3180.html
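As an added example that is not part of the original post, the following configuration combines the directives described above (per-IP and per-server zones, limit_conn_status, limit_conn_log_level and limit_rate) and shows one way to exempt a front-end proxy or other trusted address range from the per-IP limit: geo and map give those clients an empty key, which limit_conn_zone ignores, as noted above. The addresses 192.0.2.1 and 10.0.0.0/8, the server name, the paths and the 429 status code are assumptions.

```nginx
http {
    # Trusted sources (constructed addresses): the reverse proxy or LVS
    # director in front of this server, plus an internal address range.
    geo $limited {
        default     1;
        192.0.2.1   0;    # front-end proxy (assumed address)
        10.0.0.0/8  0;    # internal range (assumed)
    }

    # An empty key is not counted by limit_conn_zone, so trusted sources
    # are exempt from the per-IP limit but still count toward perserver.
    map $limited $limit_key {
        0 "";
        1 $binary_remote_addr;
    }

    limit_conn_zone $limit_key   zone=perip:10m;
    limit_conn_zone $server_name zone=perserver:10m;
    limit_conn_log_level warn;

    # Requires nginx 1.3.15 or later; older versions always return 503.
    limit_conn_status 429;

    server {
        listen      80;
        server_name www.example.com;   # assumed

        # Cap on the whole virtual server, inherited by every location.
        limit_conn perserver 100;

        location ^~ /download/ {
            limit_conn perip 4;        # per client IP; trusted sources exempt
            limit_rate 200k;           # bytes per second, per connection
            alias /data/www.example.com/download/;
        }
    }
}
```

Run nginx -t before reloading so that a typo in the zone name or map does not take the server down.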

Reproduced in: https://my.oschina.net/766/blog/211290

Origin blog.csdn.net/weixin_34174105/article/details/91547849