The ngx_http_limit_req_module (0.7.21) limits the request processing rate per defined key, in particular the rate of requests coming from a single IP address. The limiting uses the "leaky bucket" method: a fixed number of requests is processed per second, and excessive requests are delayed.
Configuration Example
http {
    limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
    ...
    server {
        ...
        location /search/ {
            limit_req zone=one burst=5;
        }
    }
}
Directives
Syntax:
limit_req zone=name [burst=number] [nodelay];
Default value:
-
Context:
http, server, location
Sets the shared memory zone to use and the maximum burst size of requests. If the request rate exceeds the rate configured for the zone, request processing is delayed so that all requests are processed at the defined rate. Excessive requests are delayed until their number exceeds the defined threshold (the maximum burst size), at which point the request is terminated and a 503 (Service Temporarily Unavailable) error is returned. The default value of this threshold is 0. For example, these directives:
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
server {
    location /search/ {
        limit_req zone=one burst=5;
    }
}
allow an average of no more than one request per second, with no more than 5 requests allowed to exceed the rate limit.
If you do not want excessive requests to be delayed, use the nodelay parameter:
limit_req zone=one burst=5 nodelay;
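The accounting described above (rate, burst, nodelay) can be replayed for a single key with a short simulation. This is an added example, not code from nginx: it is a simplified model, and the function name simulate, the Decision record and the sample arrival times are assumptions made for illustration.

```python
# Simplified model of limit_req accounting for one key (illustrative, not nginx source).
from dataclasses import dataclass


@dataclass
class Decision:
    t: float       # arrival time in seconds
    status: int    # 200 = processed, 503 = rejected
    delay: float   # seconds the request waits before being processed


def simulate(arrivals, rate=1.0, burst=5, nodelay=False):
    """Replay ascending arrival times (seconds) against one key's state."""
    excess = 0.0   # requests currently over the configured rate
    last = None    # arrival time of the last accepted request
    out = []
    for t in arrivals:
        if last is None:
            new_excess = 0.0                    # first request seen for this key
        else:
            # The bucket leaks at `rate` requests/second; each request adds one.
            new_excess = max(0.0, excess - rate * (t - last) + 1.0)
        if new_excess > burst:
            out.append(Decision(t, 503, 0.0))   # rejected, state left unchanged
            continue
        excess, last = new_excess, t
        delay = 0.0 if nodelay else excess / rate
        out.append(Decision(t, 200, delay))
    return out


# Constructed sample: 8 requests from one client in the same instant,
# then one more request 10 seconds later.
SAMPLE = [0.0] * 8 + [10.0]

if __name__ == "__main__":
    for label, nd in (("burst=5", False), ("burst=5 nodelay", True)):
        print(label)
        for d in simulate(SAMPLE, rate=1.0, burst=5, nodelay=nd):
            print(f"  t={d.t:5.1f}s  status={d.status}  delay={d.delay:.1f}s")
```

With rate=1r/s and burst=5, the first request plus five excessive ones are accepted and the rest get 503; nodelay changes only the waiting time, not which requests are rejected.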
Syntax:
limit_req_log_level info | notice | warn | error;
Default value:
limit_req_log_level error;
Context:
http, server, location
This directive appeared in version 0.8.18.
Sets the desired logging level for cases when the server rejects or delays requests because the rate is exceeded. Delays are logged at one level lower than rejections. For example, if "limit_req_log_level notice" is set, delays are logged at the info level.
Syntax:
limit_req_zone $variable zone=name:size rate=rate;
Default value:
-
Context:
http
Sets the parameters of a shared memory zone that keeps state for the key values. The state stores the current number of excessive requests. The key is the value of the specified variable (empty values are not counted). Example usage:
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
Here, the state is kept in a shared memory zone named "one" with a maximum size of 10 MB. For this zone, the average request rate cannot exceed one request per second.
The key is the client IP address. Using the $binary_remote_addr variable instead of $remote_addr reduces the size of each state record to 64 bytes, so 1 MB of memory can hold about 16 thousand 64-byte records. If the zone's storage is exhausted, the server returns a 503 (Service Temporarily Unavailable) error for all subsequent requests.
The rate is specified in requests per second (r/s). If a rate of less than one request per second is needed, it is specified in requests per minute (r/m). For example, half a request per second is 30r/m.