How to limit access frequency, download rate and number of concurrent connections in Nginx

1. Overview of modules and instructions used to limit access frequency, concurrent connections, and download speed

• ngx_http_limit_req_module: used to limit the number of requests per unit time, that is, rate limiting, using the leaky bucket algorithm "leaky bucket"
• ngx_http_limit_conn_module: used to limit the number of connections at the same time, that is, concurrency limit
• limit_rate and limit_rate_after: download speed settings

Leaky bucket algorithm

The algorithm idea is:

• Water (request) is poured into the bucket from above and flows out from the bottom of the bucket (to be processed)
• The water that cannot flow out in time is stored in the bucket (buffer) and flows out at a fixed rate;
• When the bucket is full, the water overflows (discarded).
• The core of this algorithm is: cache requests, process at a uniform speed, and discard redundant requests directly.
• Nginx's request rate limiting module uses a leaky bucket algorithm, which can forcibly ensure that the real-time processing speed of requests does not exceed the set threshold.

2. Limit URL access request frequency

http{ 
    ... 
 
  limit_req_zone $binary_remote_addr zone=one:30m rate=20r/s; 
  limit_req_zone $binary_remote_addr $uri zone=two:30m rate=20r/s; 
  limit_req_zone $binary_remote_addr $request_uri zone=three:30m rate=20r/s; 
  limit_req_status 444; 
    ... 
 
  server{ 
      ... 
 
    limit_req zone=two burst=15 nodelay; 
    ... 
 
  } 
} 

explain:

limit_req_zone $binary_remote_addr zone=one:30m rate=20r/s;

• $binary_remote_addr is to limit the same client IP address to different URLs
• zone: zone name one stores session 30M
• rate: number of requests per second

limit_req_zone $binary_remote_addr $uri zone=two:30m rate=20r/s;

• $binary_remote_addr $uri is to limit the same client IP address to the same URL
• zone: zone name two stores session 30M
• rate: number of requests per second

limit_req_zone $binary_remote_addr $request_uri zone=three:30m rate=20r/s;

• $binary_remote_addr $request_uri is to limit the same client IP address to the same URL
• zone: zone name two stores session 30M
• rate: number of requests per second

limit_req zone=two burst=15 nodelay;

• zone reference area is two,
• burst sets a buffer of size 15. When a large number of requests (bursts) come in, the access exceeds the above limit and can be placed in the buffer first.
• Nodelay is usually used together with burst. If nodelay is set, when the access exceeds the frequency and the buffer is full, 503 will be returned directly. If it is set, all large requests will wait in line.

3. Concurrent connection limit

Case 1:

http { 
  ... 
 
  limit_conn_log_level error; 
  limit_conn_zone $binary_remote_addr zone=addr:10m; 
  limit_conn_status 503; 
 
  ... 
 
  server { 
 
    ... 
 
    location /download/ { 
      limit_conn addr 1; the single client IP is limited to 1 
    } 
    ... 
 
} 

Case 2:

http{ 
limit_conn_zone $binary_remote_addr zone=perip:10m; 
limit_conn_zone $server_name zone=perserver:10m; 
 
  server { 
    ... 
    limit_conn perip 10; #Number of connections between a single client IP and the server limit_conn perserver 100; #Limit the total number of connections to the server} 
} 

4. Limit download speed

location /download { 
  limit_rate 128k; 
 } 
 
#If you want to set the user to download the first 10m of the file without speed limit, and limit the speed to 128kb/s after it exceeds 10m, you can add the following content location /download { 
    limit_rate_after 10m; 
    limit_rate 128k; 
 } 

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.