Nginx: Limiting Concurrent Connections and Download Speeds


The ngx_http_limit_conn_module is used to limit the number of connections for each defined key, particularly connections from a single IP address. Meanwhile, ngx_http_core_module can be used to limit download speeds. Both are built-in Nginx modules and do not require additional installation.

Limiting Connections with ngx_http_limit_conn_module

# Must be placed within the http block
limit_conn_zone $binary_remote_addr zone=addr:10m;

server {
    location /download/ {
        limit_conn addr 10;
    }
}
  • $binary_remote_addr: An Nginx variable holding the client IP address in binary form; it is used here as the key.
  • zone: The name of the shared memory zone (addr here), which limit_conn references later.
  • 10m: The size of the shared memory zone. This memory stores the per-client-IP state, and the zone cannot grow beyond 10MB.
  • limit_conn addr 10: Limits each key in the addr zone (that is, each client IP) to a maximum of 10 connections.

However, in HTTP/2, each concurrent request is treated as a separate connection, so the above configuration may not work as expected if HTTP/2 is enabled. The following configuration improves this by limiting both the number of connections per client IP and the total connections to the virtual server.

# Must be placed within the http block
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;

server {
    ...
    # Limit connections for the perip zone (client IP) to 10
    limit_conn perip 10;
    # Limit connections for the perserver zone (current virtual server) to 100
    limit_conn perserver 100;
}

For more details, refer to the Nginx official documentation: http://nginx.org/en/docs/http/ngx_http_limit_conn_module.html

Limiting Download Speed with ngx_http_core_module

# Start limiting speed after the data reaches 100M (note: this refers to a single connection reaching 100M)
limit_rate_after 100M;
# Limit the speed of a single connection to 10k/s
limit_rate 10k;
  • limit_rate_after: Specifies how much data a single connection may transfer before speed limiting begins (set to 100M here).
  • limit_rate: Sets the speed limit for a single connection, specified in bytes per second (set to 10k/s here). If the maximum number of connections for the same IP is limited to 10, the total download speed for that IP cannot exceed 100k/s.

For more information, refer to the Nginx official documentation: http://nginx.org/en/docs/http/ngx_http_core_module.html#limit_rate

Simultaneously Limiting Connections and Download Speed

By integrating the configurations above, we can limit both the maximum number of connections per IP and the download speed.

# Must be placed within the http block
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;

# Must be placed within the server block
limit_conn perip 10;
limit_conn perserver 100;
limit_rate_after 100M;
limit_rate 10k;

This configuration limits a single IP to a maximum of 10 connections and a single virtual server to a total of 100 connections. Once a single connection has transferred 100M, the speed of that connection is limited to 10k/s. If the same IP opens 10 connections, their combined maximum speed cannot exceed 100k/s.
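
To see which clients actually run into these limits once the configuration is live, the rejections Nginx writes to its error log can be tallied per zone and per client. The Python sketch below is an added example and not part of the original article; the log lines are constructed samples in Nginx's usual error-log layout, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines (not real traffic) in nginx error-log layout.
SAMPLE_LOG = """\
2024/05/01 10:00:01 [error] 912#912: *101 limiting connections by zone "perip", client: 203.0.113.7, server: dl.example.test, request: "GET /download/a.iso HTTP/1.1", host: "dl.example.test"
2024/05/01 10:00:01 [error] 912#912: *102 limiting connections by zone "perip", client: 203.0.113.7, server: dl.example.test, request: "GET /download/b.iso HTTP/2.0", host: "dl.example.test"
2024/05/01 10:00:02 [error] 912#912: *140 limiting connections by zone "perserver", client: 198.51.100.20, server: dl.example.test, request: "GET /download/a.iso HTTP/1.1", host: "dl.example.test"
2024/05/01 10:00:03 [error] 912#912: *150 open() "/var/www/favicon.ico" failed (2: No such file or directory), client: 198.51.100.20, server: dl.example.test, request: "GET /favicon.ico HTTP/1.1", host: "dl.example.test"
2024/05/01 10:00:04 [error] 912#912: *160 limiting connections by zone "perip", client: 2001:db8::5, server: dl.example.test, request: "GET /download/c.iso HTTP/1.1", host: "dl.example.test"
"""

# Matches only limit_conn rejections; other [error] lines are ignored.
REJECT_RE = re.compile(
    r'limiting connections by zone "(?P<zone>[^"]+)", '
    r'client: (?P<client>[^,\s]+)'
)

def tally_rejections(log_text):
    """Count limit_conn rejections keyed by (zone, client address)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            hits[(m.group("zone"), m.group("client"))] += 1
    return hits

def repeat_offenders(hits, zone="perip", threshold=2):
    """Clients rejected at least `threshold` times in one zone, sorted.

    Only the per-IP zone says something about the client itself: a
    "perserver" rejection means the whole virtual server was at its cap,
    so the logged client is simply whoever arrived at that moment.
    """
    return sorted(c for (z, c), n in hits.items()
                  if z == zone and n >= threshold)

if __name__ == "__main__":
    counts = tally_rejections(SAMPLE_LOG)
    for (zone, client), n in sorted(counts.items()):
        print(f"{zone:10} {client:20} {n}")
    print("perip repeat offenders:", repeat_offenders(counts))
```

Frequent perserver rejections with few perip rejections suggest the server-wide cap of 100 is too low for legitimate load, rather than that any one client is misbehaving.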

Final Notes

After modifying the configuration, it is recommended to use nginx -t to check the syntax first to ensure there are no errors. Do not forget to reload Nginx to apply the changes.