About the difference between Limit_req and Limit_conn

1, first of all, Limit_req and limit_conn two modules are to limit the flow, but the two are not a level, in order to understand this, we must first understand the difference between request and connection, because in many cases, we confuse them.

So, what is the difference between connection and request?

2, connection is a connection, commonly said TCP connection, through three handshake and established a complete state machine. To build a connection, you have to shake hands three times.

Request refers to requests, that is, HTTP requests,

(Note that TCP connections are stateful, whereas HTTP built on top of TCP is a stateless protocol).

By opening a Web page, and then through Wareshark, you can see that after a connection is established (that is, after three handshakes), there will be a lot of HTTP request before the connection disconnects (that is, before the four waves), which is their difference: in the life cycle of a connection, There will be one or more requests, which is to speed up efficiency and avoid three handshakes per request, and now the http/1.1 protocol supports this feature, called KeepAlive.

Okay, now we know the difference.

3, then in Nginx, for the connection limit module: Limit_conn_module view:

Limit_conn_zone $binanry _remote_addr zone=conn_zone:1m;

locoation/limit.html {

Limit_conn Conn_zone 1;

}

This collocation configuration, indicates that with the IP key, to restrict each IP access to the lmit.html file, there can be only one online, or the rest of the return is not available.

This is a situation where the count of a stationary state can be achieved without concern for how long.

For example, if you are not releasing this connection, even if you send out more request requests through this connection, as long as I can handle it, then I will handle it for you. However, if you only need to handle 2 requests, but the two requests are sent at the same time with two connections, then I can only handle one, and the other one will not. This is the difference between him.

You can use the AB command to test:

Ab-n100-c100-k http://yoursit/limit.html

Note: The-n-c of the AB command refers to how many requests are sent, i.e. how many requests are sent by-N, how many requests are sent at the same time, and he does not care how many connections are required to send, and by default each request establishes a connection to send.

The above command, because the default is a connection to send a request, then this will establish 100 connections at the same time, and this will result in more than the limit (only one connection for one IP). 99 requests will fail.

And if you only open one connection:

Ab-n100-c100-k http://yousit/limt.html

Here, the-K draft is the KeepAlive, only one connection to send the 100 requests, even if the simultaneous sending, then the server will not think you are more than, because at a time you just set up a connection, so that the 100 requests will be clean processing completed.

3, then look at Limit_req_module.

Limit_req_zone $binary _remtoe_addr zone=req_zone:1m rate=1r/s;

location/limit.html{

Limit_conn Zone=req_zone;

}

Note the difference from the above: you need to configure a rate for shared memory

Indicates that, for each IP, the request is processed at a rate not exceeding 1 requests per second.

You can see that this is a speed (and the top one is the number, the speed and the number of the visual difference is it?). ）

So this time:

ab-n100-c100 http://yoursit/limit.html

And

Ab-n100-c100-k http://yousit/limt.html

The difference is not so obvious, because it always sends 100 requests at the same time (whether through 100 connections or 1 connections), as long as you request the speed of more than 1 per second, then I will reject you.

Finish

Additional: Https://forum.linode.com/viewtopic.php?t=8064%3E

---------------------Lei Feng, thank you Source: CSDN Original: 49968283?utm_source=copy Copyright: This article for Bo Master original article, reprint please attach blog link!

About the difference between Limit_req and Limit_conn