nginx is lightweight and powerful, and can handle hundreds of concurrent connections. DDoS attacks hardly affect nginx itself, but too many requests begin to affect the back-end services.
Corresponding restrictions must therefore be set in nginx to keep attack traffic from reaching the back-end server. Described here is the ngx_http_limit_req_module module, which limits the number of requests per unit of time.
The simple steps of installing the module will not be covered here. I will introduce the configuration parameters. I hope it will be useful to everyone.
1. Define the limiting parameters (ngx_http_limit_req_module). This is set in the http block.
limit_req_zone
Default value: none
Configuration section: http
Example:
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
The key is the client IP address.
Using the $binary_remote_addr variable reduces the size of each state record to 64 bytes, so 1M of memory can hold approximately 16,000 64-byte records. If the storage space of the zone is exhausted, the server returns a 503 (Service Temporarily Unavailable) error for all subsequent requests.
The rate can be given in requests per second (r/s) or requests per minute (r/m). The value must be an integer, so to specify less than one request per second, for example one request every 2 seconds, use "30r/m".
2. Set the log level you want.
limit_req_log_level
Default value: limit_req_log_level error;
Configuration section: http, server, location
When the server rejects or delays requests because the request rate is too high, a log entry of the corresponding level is written. Delays are logged one level lower than rejections; for example, if "limit_req_log_level notice" is set, delays are logged at the info level.
3. Set the error return value.
Syntax: limit_req_status code;
Default value: limit_req_status 503;
Configuration section: http, server, location
This directive was introduced in version 1.3.15. It sets the response status code for rejected requests.
4. Set the corresponding shared memory zone and the maximum number of requests allowed to be processed.
Syntax: limit_req zone=name [burst=number] [nodelay];
Default value: —
Configuration section: http, server, location
Example:
limit_req_zone $binary_remote_addr zone=ttlsa_com:10m rate=1r/s;
server {
    location /www.ttlsa.com/ {
        limit_req zone=ttlsa_com burst=5;
    }
}
limit_req zone=ttlsa_com burst=5 nodelay;
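Added example (not from the original article and not nginx source code): a simplified Python model of how limit_req treats one client key, run with the rate=1r/s, burst=5 and nodelay settings shown above and with the "30r/m" rate. The function names and the arrival times are constructed for illustration, and tracking the bucket in thousandths of a request is an assumption of the model.

```python
# Simplified model of limit_req accounting for ONE client key (added example,
# not nginx source). Assumption: the bucket level ("excess") is tracked in
# thousandths of a request and drains at the configured rate.

def parse_rate(spec):
    """'1r/s' or '30r/m' -> thousandths of a request drained per second."""
    count, unit = spec.split("r/")
    return int(count) * 1000 // {"s": 1, "m": 60}[unit]

def simulate(arrivals_ms, rate="1r/s", burst=0, nodelay=False, status=503):
    """Return (arrival_ms, verdict, delay_ms) per request.

    verdict is 'pass', 'delay', or the rejection code (limit_req_status).
    """
    rate_m, burst_m = parse_rate(rate), burst * 1000
    excess, last, out = 0, None, []
    for now in arrivals_ms:
        if last is None:
            new_excess = 0  # first request only creates the state record
        else:
            drained = rate_m * max(now - last, 0) // 1000
            new_excess = max(excess - drained + 1000, 0)
        if new_excess > burst_m:  # beyond burst: rejected, state not updated
            out.append((now, status, 0))
            continue
        excess, last = new_excess, now
        delay = 0 if nodelay else new_excess * 1000 // rate_m
        out.append((now, "delay" if delay else "pass", delay))
    return out

if __name__ == "__main__":
    flood = [0] * 10  # constructed input: 10 requests in the same millisecond
    for label, kwargs in [
        ("burst=5", dict(burst=5)),
        ("burst=5 nodelay", dict(burst=5, nodelay=True)),
        ("no burst", dict()),
    ]:
        print(label, [(v, d) for _, v, d in simulate(flood, **kwargs)])
    # 30r/m admits one request every 2 seconds
    print("30r/m", simulate([0, 1000, 2000], rate="30r/m"))
```

In this model, burst=5 without nodelay serves six of the ten requests but makes five of them wait 1 to 5 seconds, while nodelay serves the same six immediately; the remaining four are rejected with the limit_req_status code in both cases.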