Detailed explanation of Nginx's connection limit configuration for IP addresses in a network segment

The so-called connection limit in Nginx is actually a TCP connection, that is, the connection status successfully established by the requester after a three-way handshake. Nginx generally provides us with the ngx_http_limit_conn_module module to provide connection limit function. This module can limit the number of connections for each key value based on the defined key, such as the number of connections from a single IP source.

ngx_http_limit_conn_module directive explained

Syntax: limit_conn zone number;
Default: —
Context: http, server, location

This directive describes the session state storage area. The key's state holds the current number of connections, and the key's value can be any non-null value for a particular variable (null values ​​will not be considered). $variable defines the key, and zone=name defines the zone name. Common usage examples:

limit_conn_zone $binary_remote_addr zone=addr:10m;

server {
  location /download/ {
    limit_conn addr 1;
  }

The above example shows that when a request is made to access /download/, only one request connection can successfully download the resource at the same time.

Network segment restriction

Common limit_conn_zone configurations generally set $binary_remote_addr or $server_name to limit the number of connections at a single IP or host level.

But sometimes we want to limit the number of connections to a certain IP segment, then we can do this:

http {

... ...

  limit_conn_zone $ip_segment zone=network_segment:10m;

  server {
      ... ...
      set $ip_segment $remote_addr;

      if ( $ip_segment ~ ^(\d+)\.(\d+)\.(\d+)\.(\d+) ) {
        set $ip_segment $1.$2.$3;
      }

      location /download/ {
        limit_conn network_segment 10; 
        #limit_rate 200k;
      }

  }
}

This basically satisfies Nginx's requirement to impose a unified connection limit on the number of connections for all IPs in the network segment.

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.