This scenario is to limit the download speed of a single connection, the number of connections that limit a single IP, or the number of requests per unit of time, and the experimental environment nginx1.9.x. Small examples of the main, specific details please read more documents. Limit Download Speed
location/download {
limit_rate 128k;
}
#如果想设置用户下载文件的前10m大小时不限速, more than 10m after the 128kb/s speed limit can add the following content, modify the nginx.conf file
location/download {
limit_rate_after 10m;
Limit_rate 128k;
}
restricting the connection and concurrency of IP
Limit_req_zone is used to limit the number of requests within a unit time
Limit_req_conn used to limit the number of connections at the same time
limit the number of times you have access to the same IP within a certain period of time
http{...
#定义一个名为allips的limit_req_zone用来存储session, size is 10M of memory,
#以 $binary _remote_addr as key, limit the average request per second to 20, and return 503 error
when the frequency exceeds #1M能存储16000个状态, the value of Rete must be an integer,
#如果限制两秒钟一个请求, can be set to 30r/m
limit_req_zone $binary _remote_addr zone=allips:10m rate=20r/s;
...
server{...
Location/{
...
#限制每ip每秒不超过20个请求, the number of leaky barrels burst is 5
#brust的意思就是, if the 1th second, 2,3,4 second request for 19,
#第5秒的请求为25个是被允许的.
#但是如果你第1秒就25个请求, a request that exceeds 20 in the first 2 seconds returns a 503 error.
#nodelay, if this option is not set, the average rate limit request is strictly used,
#第1秒25个请求时, 5 requests are placed in the first 2 seconds of execution,
#设置nodelay, 25 requests will be executed at 1 seconds.
limit_req zone=allips burst=5 nodelay;
...
}
...
}
...
}
The above configuration key is $binary _remote_addr, so it is based on the IP speed limit, in fact, not only the IP, but also can be $server_name and other nginx variables or custom variables, according to the needs of the configuration.
limit the number of connections for a single IP at the same time
http{...
#定义一个名为one的limit_zone, size 10M memory to store session,
#以 $binary _remote_addr as key, that is, IP
#且只能放在http作用域
limit_conn_ Zone $binary _remote_addr zone=one:10m;
...
server{...
Location {
...
Limit_conn one; #连接数限制, exceeding the limit of 503 errors returned
#带宽限制, the limit on a single connection, if an IP two connection, is 500x2k
#limit_rate 500k;
...
}
...
}
...
}
depending on the parameter, special characters in the URI limit the speed
Since the user is a NAT to connect to the server, so according to the IP restrictions can not be done, but each user access to the URL with the user's unique parameters, the use of URL parameters than IP more limited speed meaning. The meaning of the following configuration is/hello this request, LAN parameters of the same request can only be requested once per second, you can compare LAN parameters as the user's IP, each IP can only be successfully accessed one server per second to understand.
Here can also be extended to use nginx can get the parameter speed limit, for example, through the IP address +ua speed limit, through the header of the special mark +ip speed limit, and more complex logic through the openresty will be more aspects
Other options
Lua-resty-limit-traffic Openresty-based speed-limiting module for more complex business control using LUA
NGX-LIMIT-REQ2, this dude wrote a C module.
Test configuration
Map $arg _lan $name {
default $arg _lan;
~*python "python;
" ~*golang "Golang;
}
Limit_req_zone $name zone=xspython:10m rate=1r/s;
server {
listen 8001;
server_name localhost;
Location/hello {
limit_req_log_level notice;
Limit_req Zone=xspython burst=1 nodelay;
echo Hello $name;
}
Location ~/hi {
#不限速对照
echo hi;
}
}
Simple test Script
#!/bin/bash #limit_test1. SH #orangleliu #第一种情况 the same key to see if the speed limit #第二种情况 different key can pass through the # It is mainly based on Access.log to judge the result op=$1 url= "http://127.0.0.1:8001/hello?lan=" if [$ = "1"];then echo "case One" for I in {1..5};
Do-J in {1..5};d o Curl "${url}python" did sleep 1 done else echo "condition two" Lanname= (Python Java golang c lua) for I in {1..5};d O for J in "${lanname[@]}"; Do curl "${url}${j}" did sleep 1 done fi