Nginx limits the number of connections and requests of an IP address in the same time period.

Nginx limits the number of connections and requests of an IP address in the same time period.

Nginx can use the ngx_http_limit_conn_module and ngx_http_limit_req_module configurations to limit the number of accesses of ip addresses within the same period of time.

Ngx_http_limit_conn_module: This module is used to limit the number of connections to each defined key, especially the number of connections to a single IP address. Use the limit_conn_zone and limit_conn commands.

Ngx_http_limit_req_module: used to limit the processing rate of requests for each defined key, especially requests from a single IP address. Use the "Leak Bucket" method to restrict. Command: limit_req_zone and limit_req.

 

Ngx_http_limit_conn_module: Example of limiting the number of connections of a single IP Address:

Http {limit_conn_zone $ binary_remote_addr zone = addr: 10 m; # define a limit_req_zone named addr to store sessions. The size is 10 m in memory. # use $ binary_remote_addr as the key, # After nginx 1.18, use limit_conn_zone to replace limit_conn. # It can only be placed in the http {} code segment .... server {... location/download/{limit_conn addr 1; # connection limit # Set the shared memory region for the given key value and the maximum number of connections allowed. If the limit is exceeded, the Server Returns Error 503 (service temporarily unavailable.
# If the storage space in the region is insufficient, the Server Returns Error 503 (service temporarily unavailable ).
}

 

There may be severallimit_connCommand. The following configuration limits the number of connections between each client IP address and the server, and limits the total number of connections to the virtual server.:

 

Http {limit_conn_zone $ binary_remote_addr zone = perip: 10 m; limit_conn_zone $ server_name zone = perserver: 10 m... server {... limit_conn perip 10; # Number of connections between a single client ip address and the server. limit_conn perserver 100; # limit the total number of connections to the server}

 

Reference: http://nginx.org/en/docs/http/ngx_http_limit_conn_module.html

 

 

Ngx_http_limit_req_module: limits the number of requests from a single IP address at a time. Example:

Http {limit_req_zone $ binary_remote_addr zone = one: 10 m rate = 1r/s;... # define a limit_req_zone named one to store sessions. The size is 10 MB,

# With $ binary_remote_addr as the key, the average number of requests per second is limited to 1,
#16000 statuses can be stored at 1 MB. The rete value must be an integer,
　　
Server {... location/search/{limit_req zone = one burst = 5;
　　　　　　　　
# Limit the number of requests per ip address per second. The number of missing buckets (burst) is 5, that is, the queue.
# Nodelay.
# Example:
# Settingsrate=20r/S has 20 requests per second and 5 Missing buckets (burst,
# Brust means that if 1st, 2, 3, and 4 requests are 19, and 25 requests are allowed in 5th, it can be understood as 20 + 5.
# However, if you have 25 requests in 1st seconds and 2nd requests in 503 seconds exceed 20, error will be returned.
# If the storage space in the region is insufficient, the Server Returns Error 503 (service temporarily unavailable ).
# The speed is specified in the request per second (r/s ). If the request rate is less than one request per second, it is specified in the request per minute (r/m.
　　　　　　　　

}

 

You can also limit the processing rate of requests from a single IP address and the request processing rate of the virtual server:

 

Http {limit_req_zone $ binary_remote_addr zone = perip: 10 m rate = 1r/s; limit_req_zone $ server_name zone = perserver: 10 m rate = 10r/s ;... server {... limit_req zone = perip burst = 5 nodelay; # five buckets are missing. that is, the number of queues. nodelay: do not enable latency. limit_req zone = perserver burst = 10; # limit the processing speed of nginx to 10 per second}

 

Reference: http://nginx.org/en/docs/http/ngx_http_limit_req_module.html