Shulou(Shulou.com)05/31 Report--

This article mainly introduces the relevant knowledge of how to limit access frequency per unit time in nginx, the content is detailed and easy to understand, the operation is simple and fast, and has a certain reference value. I believe you will gain something after reading this article on how to limit access frequency per unit time in nginx. Let's take a look.

First of all, I would like to say that the reason for this problem is that the website was attacked and Aliyun alerted me and thought of restricting the frequency of access instead of ip (the plan to limit ip will be given later). The return status code of nginx connection resource is 502.After adding the limit of this scheme, it returns 599, which is different from normal status code.

The steps are as follows:

First of all, add the following content to nginx.conf:

Map $http_x_forwarded_for $clientrealip {"" $remote_addr; ~ ^ (? P [0-9\.] +),?. * $$firstaddr;} # safe setting to limit the request number per second limit_req_status 599; limit_req_zone $clientrealip zone=allips:70m rate=5r/s

The size of the session pool is 70m. If there are a lot of restricted ip, it can be reduced. If there are few restricted ip, then a large number of accessible ip should be increased.

5 requests per second, this is also adjusted according to the situation, 5 is more appropriate or a little bit larger.

Then modify www.xxoo.com.conf (this is that lnmp has a configuration file for each virtual host) in server, add the following line to location:

Limit_req zone=allips burst=5 nodelay

In this way, restart nginx can write a script to test concurrency.

A python concurrent script is provided as follows:

Import threadingimport time,urllib2url = 'http://sf.gg/'def worker (): try: response = urllib2.urlopen (url) print response.getcode () except urllib2.httperror, e: print e.codefor i in range (2000): t = threading.thread (target=worker) t.start ()

Both 2000 and http://sf.gg/ can be modified, and then execute python *. Py > out to analyze the distribution of status codes in the out file, if frequency restrictions play a role.

This is the end of the article on "how to restrict access frequency per unit time in nginx". Thank you for reading! I believe you all have a certain understanding of the knowledge of "how to restrict access frequency per unit time in nginx". If you want to learn more, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.