Publish: 2019-03-22 | Modify: 2019-03-22
The ngx_http_limit_conn_module module is used to limit the number of connections for each defined key, especially the number of connections from a single IP address. The ngx_http_core_module can limit the download speed. Both of these are built-in modules in Nginx and do not require additional installation.
ngx_http_limit_conn_module limits the number of connections:
# Needs to be written in the http block
limit_conn_zone $binary_remote_addr zone=addr:10m;
server {
location /download/ {
limit_conn addr 10;
}
}
$binary_remote_addr
: Nginx variable, refers to the client's IP addresszone
: Name of the zone, can be any value, here it is set to "addr" and will be used later10m
: Sets the shared memory, my understanding is that the client's IP will be stored in this memory, with a total shared memory of 10M, but I'm not sure if this is correct.limit_conn addr 10
: Limits the maximum number of connections for the "addr" zone to 10However, in HTTP/2
, each concurrent request is treated as a separate connection, so the above settings will not work if the website is using HTTP/2
. We can further improve the configuration. The following configuration limits the number of connections per client IP to the server and also limits the total number of connections to the virtual server.
# Written in the http block
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;
server {
...
# Limits the number of connections for the "perip" zone (client IP) to 10
limit_conn perip 10;
# Limits the number of connections for the "perserver" zone (current virtual server) to 100
limit_conn perserver 100;
}
For more detailed explanations, please refer to the Nginx official documentation.
ngx_http_core_module limits the download speed:
# Limit the speed after the data reaches 100M (note: this refers to a single connection reaching 100M)
limit_rate_after 100M;
# Limit the speed of a single connection to 10k/s
limit_rate 10k;
limit_rate_after
: Specifies the size of data to be reached before limiting the speed (set to 100M here)limit_rate
: Sets the speed limit for a single connection, set to 10k/s. If the maximum number of connections for the same IP is set to 10, then the total download speed should not exceed 100k/s.For more information, please refer to the Nginx official documentation.
Simultaneously limiting the number of connections and download speed:
Let's integrate the above configurations. We want to limit both the maximum number of connections from a single IP and the download speed.
# Written in the http block
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;
# Written in the server block
limit_conn perip 10;
limit_conn perserver 100;
limit_rate_after 100M;
limit_rate 10k;
The above configuration limits the maximum number of connections from a single IP to 10 and limits the total number of connections to the virtual server to 100. When the requested data reaches 100M (for a single connection), the connection speed is limited to 10k/s. If there are 10 connections, the maximum speed should not exceed 100k/s.
Finally, after modifying the configuration, it is recommended to use nginx -t
to check the syntax to ensure there are no issues, and don't forget to reload Nginx for the changes to take effect.
I come from China and I am a freelancer. I specialize in Linux operations, PHP, Golang, and front-end development. I have developed open-source projects such as Zdir, ImgURL, CCAA, and OneNav.