nginx prohibits high-frequency ip access

Sometimes we use the number of requests an IP makes within a given period to decide whether a client is abusing the service, so that request flooding can be curbed. Let's use the nginx modules to set such a limit.

 Limiting IPs with nginx modules

    #nginx.conf
    http{
    ...
     
    limit_req_zone $binary_remote_addr zone=limits:10m rate=50r/s;
    limit_conn_zone $binary_remote_addr zone=conn_zone:10m;
     
    server {
        limit_req zone=limits burst=50;
        
        limit_conn conn_zone 1;
        limit_rate 50k;
    }
    ...
     
    }

limit_req_zone: limits the number of requests per unit of time

limit_conn_zone: limits the number of simultaneous connections (concurrency)

If either limit is exceeded, nginx returns a 503 error by default (the status code can be changed with limit_req_status and limit_conn_status).

 limit_req_zone module

    limit_req_zone $binary_remote_addr zone=limits:10m rate=50r/s;

$binary_remote_addr: the key the limit is applied to, here the client address (remote_addr). The "binary_" form stores the address compactly (4 bytes for IPv4 instead of up to 15 characters), so the zone holds more entries, and all requests from the same client IP share one entry.

zone=limits:10m: creates a shared memory zone named limits with a size of 10 MB to store the access-frequency state for each key.

rate=50r/s: the request frequency allowed for clients with the same key. Here the limit is 50 requests per second; it can also be written per minute, for example 30r/m.

    limit_req zone=limits burst=50;

zone=limits: which zone is used for the restriction, corresponding to the name given in limit_req_zone above.

burst=50: sets a queue of size 50. When a burst of requests arrives, requests that exceed the configured rate are placed in this queue and released at the configured rate (unless nodelay is also set); requests that arrive once the queue is full are rejected with 503.
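To see how rate and burst interact, here is an added simulation (not nginx's code) that models limit_req's leaky bucket: nginx tracks, per key, how many requests are queued above the allowed rate ("excess"), accepts a request while excess stays within burst, and rejects the rest. The client addresses are constructed sample values.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass
class Bucket:
    excess: float  # requests queued above the allowed rate
    last: float    # timestamp of the last accepted request (seconds)


class LimitReq:
    """Model of: limit_req_zone $binary_remote_addr zone=... rate=R;
                 limit_req zone=... burst=B [nodelay];"""

    def __init__(self, rate_per_sec, burst, nodelay=False):
        self.rate = float(rate_per_sec)
        self.burst = float(burst)
        self.nodelay = nodelay
        self.zone = {}  # key (client IP) -> Bucket; stands in for the shared zone

    def request(self, key, now):
        """Return ("pass"|"delay"|"reject", delay_seconds) for one request."""
        b = self.zone.get(key)
        if b is None:                       # first request from this key
            self.zone[key] = Bucket(0.0, now)
            return "pass", 0.0
        # Drain the queue at the configured rate, then add this request.
        excess = b.excess - self.rate * (now - b.last) + 1.0
        if excess < 0:
            excess = 0.0
        if excess > self.burst:             # queue full: client gets 503
            return "reject", 0.0            # state is not updated on reject
        b.excess, b.last = excess, now
        if excess == 0.0 or self.nodelay:   # nodelay: served now, excess still counts
            return "pass", 0.0
        return "delay", excess / self.rate  # held until the bucket drains


def simulate_burst(n, rate, burst, nodelay=False, key="203.0.113.7"):
    """Fire n requests from one IP at the same instant; summarise outcomes."""
    lim = LimitReq(rate, burst, nodelay)
    outcomes, max_delay = Counter(), 0.0
    for _ in range(n):
        verdict, delay = lim.request(key, 0.0)
        outcomes[verdict] += 1
        max_delay = max(max_delay, delay)
    return outcomes, max_delay


if __name__ == "__main__":
    # rate=50r/s burst=50: 1 served at once, 50 queued (up to 1 s), rest 503
    print(simulate_burst(120, 50, 50))
```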

 limit_conn_zone module

  As the name suggests, this zone limits the number of connections per key (here per IP). A connection is only counted once nginx has read the whole request header.

    limit_conn_zone $binary_remote_addr zone=conn_zone:10m;

zone=conn_zone:10m; creates a shared memory zone named conn_zone with a size of 10 MB to store the connection count for each key.

    limit_conn conn_zone 1;

 limit_conn conn_zone 1; means each IP may hold only one concurrent connection; a second simultaneous connection from the same IP is rejected with 503 by default.

    limit_rate 50k;

 limit_rate 50k; limits the response transfer speed of each connection to 50 KB/s. Note that this is a per-connection limit, not a per-IP limit: if an IP is allowed two concurrent connections, that IP can receive up to limit_rate×2.

Origin blog.csdn.net/panjiapengfly/article/details/118189070