Shulou(Shulou.com)06/01 Report--

This article will explain in detail how to prevent traffic attacks in Nginx. The content of the article is of high quality, so the editor shares it for you as a reference. I hope you will have a certain understanding of the relevant knowledge after reading this article.

Conf configuration

# configure uniformly in the burst domain # restrict request limit_req_zone $binary_remote_addr $uri zone=api_read:20m rate=50r/s;# configure a connection by ip zonelimit_conn_zone $binary_remote_addr zone=perip_conn:10m;# configure a connection by server configure a connection zonelimit_conn_zone $server_name zone=perserver_conn:100m;server {listen 80; server_name report.52itstyle.com; index login.jsp; location / {# request flow limit queuing through burst default is 0 limit_req zone=api_read burst=5 # limit the number of connections per IP concurrent request is 2 limit_conn perip_conn 2; # the number of connections limited by the service (that is, limits the number of concurrent connections to the server) limit_conn perserver_conn 1000; # connection speed limit limit_rate 100k; proxy_pass http://report;}} upstream report {fair; server 172.16.1.120 server 8882 weight=1 max_fails=2 fail_timeout=30s; server 172.16.1.120 server 8881 weight=1 max_fails=2 fail_timeout=30s;}

Configuration 503 error

By default, if the limit is exceeded, a 503 error will be reported, prompting:

503 Service Temporarily UnavailableThe server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later. Sorry for the inconvenience.Please report this message and include the following information to us.Thank you very much!

There is nothing wrong with this display, but it is not friendly enough. Here we customize 503 errors.

Error_page 500502 503 504 / 50x.htl location = / 50x.html/ http://www.bbqmw.net/qm_yeqm/ {root html;# Custom 50x error}

Configuration description

Limit_conn_zone

Is to define a container for storing session state for each IP. In this example, a 100m container is defined, which can handle 3200000 session according to 32bytes/session.

Limit_rate 300k

The speed limit for each connection is 300k. Note that this is a speed limit for connections, not for IP. If an IP allows two concurrent connections, then the IP is the speed limit limit_rate × 2.

Burst=5

This is equivalent to putting five seats next to the checkpoint req. If a request is stopped if it exceeds the speed limit, ask him to sit in an empty seat and wait in line. If the checkpoint is empty, he can pass. If even the seats are full, I'm sorry, the request is returned directly, and the client gets a busy response from the server. So burst has nothing to do with request_rate. Set it to 10000, which means 10, 000 requests can be queued up, while the checkpoint still releases 5 requests per second (turtle speed). And can not always queue, so nginx also set a timeout, queuing for more than a certain period of time, but also directly returned to the server busy response.

On how to prevent traffic attacks in Nginx to share here, I hope that the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.