How to use Nginx to limit access frequency, download rate and number of concurrent connections

1. Overview of modules and instructions used to limit access frequency, concurrent connections, and download speed

• ##ngx_http_limit_req_module: used to limit the number of requests per unit time , that is, rate limiting, the leaky bucket algorithm used "leaky bucket"

• ngx_http_limit_conn_module: used to limit the number of connections at the same time, that is, concurrency limit

• limit_rate and limit_rate_after: Download speed settings

Leaky bucket algorithm

The algorithm idea is:

• Water (request) is poured into the bucket from above and flows out from the bottom of the bucket (processed)

• The water that cannot flow out in time is stored in the bucket (buffer) to Fixed rate outflow;

• The water overflows (discards) when the bucket is full.

• The core of this algorithm is: caching requests, processing them at a uniform speed, and discarding redundant requests directly.

• nginx rate-limiting module by request rate uses a leaky bucket algorithm, which can forcibly guarantee that the real-time processing speed of requests will not exceed the set threshold

2. Limit the frequency of url access requests

http{ 
    ... 
 
  limit_req_zone $binary_remote_addr zone=one:30m rate=20r/s; 
  limit_req_zone $binary_remote_addr $uri zone=two:30m rate=20r/s; 
  limit_req_zone $binary_remote_addr $request_uri zone=three:30m rate=20r/s; 
  limit_req_status 444; 
    ... 
 
  server{ 
      ... 
 
    limit_req zone=two burst=15 nodelay; 
    ... 
 
  } 
}

Explanation:

limit_req_zone $binary_remote_addr zone=one:30m rate=20r/s;

• $binary_remote_addr is to limit different URLs for the same client IP address

• zone: zone name one stores session30m

• rate : Number of requests per second

limit_req_zone $binary_remote_addr $uri zone=two:30m rate=20r/s;

• $binary_remote_addr $uri It is to limit the same client IP address to the same URL

• zone: zone name two stores session30m

• rate: number of requests per second

limit_req_zone $binary_remote_addr $request_uri zone=three:30m rate=20r/s;

• $binary_remote_addr $request_uri is to limit the same client ip address to the same url

• zone: zone name two stores session 30m

• rate: number of requests per second

limit_req zone=two burst=15 nodelay;

• zone reference area is two,

• #burst sets a buffer with a size of 15, when When a large number of requests (burst) come in, if the access exceeds the above limit, it can be placed in the buffer first.

• nodelay is generally used together with burst. If nodelay is set, when the access exceeds the frequency and the buffer is full, 503 will be returned directly. If set, all Large requests will be queued

3. Limit on the number of concurrent connections

Case 1:

http { 
  ... 
 
  limit_conn_log_level error; 
  limit_conn_zone $binary_remote_addr zone=addr:10m; 
  limit_conn_status 503; 
 
  ... 
 
  server { 
 
    ... 
 
    location /download/ { 
      limit_conn addr 1; 单个客户端ip限制为1 
    } 
    ... 
 
}

Case 2:

http{ 
limit_conn_zone $binary_remote_addr zone=perip:10m; 
limit_conn_zone $server_name zone=perserver:10m; 
 
  server { 
    ... 
    limit_conn perip 10;  #单个客户端ip与服务器的连接数 
    limit_conn perserver 100; #限制与服务器的总连接数 
  } 
}

4. Limit download speed

location /download { 
  limit_rate 128k; 
 } 
 
#如果想设置用户下载文件的前10m大小时不限速，大于10m后再以128kb/s限速可以增加以下配内容 
 
location /download { 
    limit_rate_after 10m; 
    limit_rate 128k; 
 }

The above is the detailed content of How to use Nginx to limit access frequency, download rate and number of concurrent connections. For more information, please follow other related articles on the PHP Chinese website!