Mastering Nginx

The NGINX HTTP Server


| Directive | Explanation |
| --- | --- |
| limit_req_zone | Specifies the key to be limited in limit_req as the first parameter. The second parameter, zone, indicates the name of the shared memory zone used to store the key and current number of requests per key and the size of that zone (name:size). The third parameter, rate, configures the number of requests per second (r/s) or per minute (r/m) before the limit is imposed. |
| max_ranges | Sets the maximum number of ranges allowed in a byte-range request. Specifying 0 disables byte-range support. |

Here we limit access to 10 connections per unique IP address. This should be enough for normal browsing, as modern browsers open two to three connections per host. Keep in mind, though, that any users behind a proxy will all appear to come from the same address. So observe the logs for error code 503 (Service Unavailable), meaning that this limit has come into effect:


    http {
        limit_conn_zone $binary_remote_addr zone=connections:10m;
        limit_conn_log_level notice;

        server {
            limit_conn connections 10;
        }
    }
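To act on the advice to watch for 503 responses, the following added example (not from the book) tallies 503s per client address in an access log and uses the number of distinct user agents to separate a shared proxy address from a single client exceeding the limit. It assumes NGINX's predefined combined log format; the sample lines, the thresholds and the user-agent heuristic are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in NGINX's predefined "combined" access log format.
SAMPLE_LOG = """\
198.51.100.20 - - [01/May/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 Firefox/125.0"
198.51.100.20 - - [01/May/2024:10:00:02 +0000] "GET /a.css HTTP/1.1" 503 197 "-" "Mozilla/5.0 Firefox/125.0"
198.51.100.20 - - [01/May/2024:10:00:02 +0000] "GET /b.js HTTP/1.1" 503 197 "-" "Mozilla/5.0 Chrome/124.0"
198.51.100.20 - - [01/May/2024:10:00:03 +0000] "GET /c.png HTTP/1.1" 503 197 "-" "Mozilla/5.0 Safari/605.1"
198.51.100.20 - - [01/May/2024:10:00:03 +0000] "GET /d.png HTTP/1.1" 503 197 "-" "Mozilla/5.0 Chrome/124.0"
203.0.113.5 - - [01/May/2024:10:00:04 +0000] "GET /x HTTP/1.1" 503 197 "-" "curl/8.5.0"
203.0.113.5 - - [01/May/2024:10:00:04 +0000] "GET /y HTTP/1.1" 503 197 "-" "curl/8.5.0"
203.0.113.5 - - [01/May/2024:10:00:04 +0000] "GET /z HTTP/1.1" 503 197 "-" "curl/8.5.0"
192.0.2.9 - - [01/May/2024:10:00:05 +0000] "GET / HTTP/1.1" 503 197 "-" "Mozilla/5.0 Edge/124.0"
"""

# remote_addr - remote_user [time_local] "request" status bytes "referer" "user_agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def summarize_503(log_text, min_rejections=3, proxy_agents=3):
    """Return {ip: (rejections, distinct_agents, verdict)} for clients hitting 503.

    Assumed heuristic: many distinct user agents behind one address suggests a
    shared proxy or NAT gateway rather than one client opening too many connections.
    """
    hits = defaultdict(int)
    agents = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["status"] != "503":
            continue  # skip unparsable lines and anything that was not rejected
        hits[m["ip"]] += 1
        agents[m["ip"]].add(m["ua"])
    report = {}
    for ip, count in hits.items():
        if count < min_rejections:
            continue  # too few rejections to be worth reviewing
        shared = len(agents[ip]) >= proxy_agents
        report[ip] = (count, len(agents[ip]), "shared-address" if shared else "single-client")
    return report

if __name__ == "__main__":
    for ip, (count, n_agents, verdict) in sorted(summarize_503(SAMPLE_LOG).items()):
        print(f"{ip}: {count} x 503, {n_agents} user agents -> {verdict}")
```

A 503 can also come from other sources such as an unavailable upstream, so confirm a finding against the error log, where limit_conn rejections are written at the level set by limit_conn_log_level.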

Limiting access based on a rate looks almost the same, but works a bit differently. When limiting how many pages per unit of time a user may request, NGINX will insert a delay after the first page request, up to a burst. This may or may not be what you want, so NGINX offers the possibility to remove this delay with the nodelay parameter: