How can I limit connections to my web application per minute?

StackOverflow https://stackoverflow.com/questions/12455830

  •  02-07-2021
  •  | 
  •  

質問

I have tried to use nginx (http://nginx.org/) to limit the amount of requests per minute. For example my settings have been:

server{
limit_req_zone $binary_remote_addr zone=pw:5m rate=20r/m; 
}
location{
limit_req zone=pw nodelay;
}

What I have found with Nginx is that even if I try 1 request per minute, I am allowed back in many times within that minute. Of course fast refreshing of a page will give me the limit page message which is a "503 Service Temporarily Unavailable" return code.

I want to know what kind of settings can be applied to limit a request exactly to 20 requests a minute. I am not looking for flood protection only because Nginx provides this where if a page is constatnly refreshed for example it limits the user and lets them back in after some time with some delay (unless you apply a nodelay setting).

If there is an alternative to Nginx other than HAProxy (because its quite slow). Also the setup I have on Nginx is acting as a reverse proxy to the real site.

役に立ちましたか?

解決

Right there's 2 things:

  1. the limit_conn directive in combination with a limit_conn_zone lets you limit the number of (simultaneous) connnections from an ip (see http://nginx.org/en/docs/http/ngx_http_limit_conn_module.html#limit_conn)
  2. the limit_req directive in combination with a limit_req_zone lets you limit the number of request from a given ip per timeunit (see http://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req)

note:

  • you need to do the limit_conn_zone/limit_req_zone in the http block not the serverblock
  • you then refer to the zone name you set up in the http block from within the server/location block with the etup zone with the limit_con/limit_req settings (as approriate)

since you stated below you're looking to limit requests you need the limit_req directives. Specically to get a max 5 requests per minute, try adding the following:

http {
  limit_req_zone $binary_remote_addr zone=example:10m rate=5r/m;
}

server {
   limit_req zone=example burst=0 nodelay;
}

note: obviously add those to your existing http/server blocks

ライセンス: CC-BY-SA帰属
所属していません StackOverflow
scroll top