A tutorial on how to limit the frequency of access in a unit time in Nginx _nginx

First of all, the problem is encountered because the site was attacked, Aliyun alarm, thought to limit the frequency of access, rather than restricting IP (IP restrictions on the scheme later given). Nginx connection resource is eaten empty return status code is 502, add this scheme limit after return 599, and normal status code.
The steps are as follows:

First nginx.conf Add the following:

Map $http _x_forwarded_for  $clientRealIp {"
    " $remote _addr;
    ~^(? P<firstaddr>[0-9\.] +),?. *$  $firstAddr;
    }

    # # #safe setting to limit ' request number per second
    limit_req_status 599;
    Limit_req_zone $clientRealIp zone=allips:70m rate=5r/s;

Session Pool Size 70M, if the limit of IP a lot of that can be adjusted small, if the limited IP is very few, that can access a lot of IP to be adjusted large
5 requests per second, this is also adjusted according to the situation, 5 is more appropriate or slightly larger a little.

Then modify the www.xxoo.com.conf (this is LNMP has a profile for each virtual host) server, location add the following line above:

Limit_req zone=allips burst=5 Nodelay;

This restarts the nginx to be able to write a script to test the concurrency.

A python concurrency script is provided as follows:

Import Threading
import time,urllib2


url = ' http://sf.gg/'
def worker ():
  try:
   response = Urllib2.urlopen (URL)
   print response.getcode ()
  except URLLIB2. Httperror, E:
   print E.code for

i in range:
  t = Threading. Thread (Target=worker)
  T.start ()

2000 and http://sf.gg/can be modified, and then execute Python *.py > out to analyze the distribution of status codes within the out file, if 599 says the frequency limit plays a role.