Rate Limiting With nginx
Selasa, 06 November 2012
0
komentar
http://www.howtoforge.com/rate-limiting-with-nginx
This article explains how to use the nginx HttpLimitReqModule to limit the number of requests for a given session. This is useful, for example, if your site is hammered by a bot doing multiple requests per second and thus increasing your server load. With the HttpLimitReqModule you can define a rate limit, and if a visitor exceeds this rate, he will get a 503 error.
I do not issue any guarantee that this will work for you!
This area is called one and is allocated 10MB of storage. Instead of the variable $remote_addr, we use the variable $binary_remote_addr which reduces the size of the state to 64 bytes. There can be about 16,000 states in a 1MB zone, so 10MB allow for about 160,000 states, so this should be enough for your visitors. The rate is limited to one request per second. Please note that you must use integer values here, so if you'd like to set the limit to half a request per second, you'd use 30r/m (30 requests per minute).
To put this limit to work, we use the limit_req directive. You can use this directive in http {}, server {}, and location {} containers, but in my opinion it is most useful in location {} containers that pass requests to your app servers (PHP-FPM, mongrel, etc.) because otherwise, if you load a single page with lots of images, CSS, and JavaScript files, you would probably exceed the given rate limit with a single page request.
So let's put this in a location ~ \.php$ {} container:
).
If you don't want to use this queue (i.e. deliver a 503 immediately if someone exceeds the rate limit), you must use the nodelay option:
Don't forget to reload nginx to make your changes take effect:
This article explains how to use the nginx HttpLimitReqModule to limit the number of requests for a given session. This is useful, for example, if your site is hammered by a bot doing multiple requests per second and thus increasing your server load. With the HttpLimitReqModule you can define a rate limit, and if a visitor exceeds this rate, he will get a 503 error.
I do not issue any guarantee that this will work for you!
1 Using The HttpLimitReqModule
Open your nginx.conf...vi /etc/nginx/nginx.conf
... and define an area where the session states are stored - this must go inside the http {} container: http { |
To put this limit to work, we use the limit_req directive. You can use this directive in http {}, server {}, and location {} containers, but in my opinion it is most useful in location {} containers that pass requests to your app servers (PHP-FPM, mongrel, etc.) because otherwise, if you load a single page with lots of images, CSS, and JavaScript files, you would probably exceed the given rate limit with a single page request.
So let's put this in a location ~ \.php$ {} container:
[...] |
limit_req zone=one burst=5; specifies that this rate limit belongs to the session storage area we defined before (because of zone=one) which means the rate limit is 1r/s. You can imagine the meaning of burst like a kind of queue. It means that if you exceed the rate limit, the following requests are delayed, and only if you have more requests waiting in the queue than specified in the burst parameter, will you get a 503 error (e.g. like this:
).
If you don't want to use this queue (i.e. deliver a 503 immediately if someone exceeds the rate limit), you must use the nodelay option:
[...] |
/etc/init.d/nginx reload
2 Links
- nginx: http://nginx.net/
- nginx Wiki: http://wiki.codemongers.com/Main
- HttpLimitReqModule: http://wiki.nginx.org/NginxHttpLimitReqModule
TERIMA KASIH ATAS KUNJUNGAN SAUDARA
Judul: Rate Limiting With nginx
Ditulis oleh Unknown
Rating Blog 5 dari 5
Semoga artikel ini bermanfaat bagi saudara. Jika ingin mengutip, baik itu sebagian atau keseluruhan dari isi artikel ini harap menyertakan link dofollow ke http://androidjapane.blogspot.com/2012/11/rate-limiting-with-nginx.html. Terima kasih sudah singgah membaca artikel ini.Ditulis oleh Unknown
Rating Blog 5 dari 5
0 komentar:
Posting Komentar