
How to Use Rate Limiting in Nginx – CloudSavvy IT




Rate limiting controls how many requests users can make to your site. It is usually put in place to stop abusive bots, restrict login attempts, and control API usage, which can keep your server from slowing down under load.

Rate limiting may not always save you from massive traffic spikes, so if your server really needs protection, it is good practice to put a full CDN in front of it, or at least set up HAProxy load balancing to share the load across multiple servers.

How to enable rate limiting in Nginx

First, we need to define a rate-limiting “zone”. You can define multiple zones and assign different location blocks to each one. For now, let’s create a basic zone by adding the following line to your server or http context block:

limit_req_zone $binary_remote_addr zone=foo:10m rate=5r/s;

The limit_req_zone directive defines a zone with $binary_remote_addr as the identifier. This is the client’s IP address, but you can also use something like $server_name to limit per server.

The zone parameter names the zone (in this case “foo”) and assigns a block of memory to it. Nginx needs to store the IP addresses it checks against, so each zone needs memory. In this case, 10m allocates 10 megabytes of memory, enough for 160,000 connections per second (which you will probably never see on a single server).

The final parameter is rate, which defines the default number of requests each client is allowed. Here it is set to 5 requests per second, of which 10 is the maximum, but you can set it lower by writing it as 30r/m (for 30 requests per minute).

Once the zone is configured, it’s time to use it.

location / {
  limit_req zone=foo burst=10 nodelay;

  # do webserver stuff
}

The limit_req directive does the heavy lifting and assigns the location block to a rate-limited zone. The burst parameter gives the client some leeway, allowing them to make extra requests as long as they do not exceed the average rate.

Under the hood, it adds burst requests to a “queue” that is processed every 100 seconds. This can make your site look slow, so the nodelay parameter removes this queue delay. With the current configuration, if you made 10 requests at once, the nodelay parameter allows all ten requests and then limits the following requests to 5 requests per second. If you made 6 more requests, it would allow 5 and reject the 6th because it is over the limit. When the client stops making requests, the queue drains at a speed depending on your rate.

Two-stage rate limiting

By manually setting the delay parameter, it is possible to let some requests through with no delay while the rest have to wait in the queue. This forms a two-stage rate limit, where the initial requests are very fast, the follow-up requests are slowed down a bit, and then the rate limit kicks in.

This is done by adding a delay value to the limit_req directive:

limit_req zone=foo burst=10 delay=5;

Here, the first five requests will go through immediately. The client is then allowed five more requests every 100 minutes until the burst is filled, after which they are limited by the rate variable.
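
The burst, nodelay and delay behaviour described in the two sections above, as a simplified leaky-bucket model. This is an example added here, not Nginx's code and not from the original article; the function names and the way the first request opens the bucket at zero excess are assumptions of the model, and the arrival times are constructed.

```python
from dataclasses import dataclass

NODELAY = float("inf")  # models the nodelay parameter: never queue

@dataclass
class Bucket:
    """Per-client state, one per key such as $binary_remote_addr."""
    excess: float = 0.0   # requests currently above the sustained rate
    last: float = 0.0     # time the bucket was last updated, in seconds
    seen: bool = False

def limit_req(bucket, now, rate, burst, delay=0):
    """Decide one request: ('pass' | 'delay' | 'reject', seconds to wait)."""
    if not bucket.seen:
        # Model assumption: the first request opens the bucket at zero excess.
        bucket.seen, bucket.last = True, now
        return ("pass", 0.0)
    # The bucket drains at `rate` per second; this request adds one.
    excess = max(bucket.excess - rate * (now - bucket.last) + 1, 0.0)
    if excess > burst:
        return ("reject", 0.0)          # state is not updated on a reject
    bucket.excess, bucket.last = excess, now
    if excess <= delay:
        return ("pass", 0.0)
    return ("delay", (excess - delay) / rate)

def simulate(times, rate, burst, delay=0):
    """Run constructed arrival times (seconds) for one client."""
    bucket = Bucket()
    return [limit_req(bucket, t, rate, burst, delay) for t in times]

def count(results):
    """Tally verdicts so the three configurations can be compared."""
    out = {"pass": 0, "delay": 0, "reject": 0}
    for verdict, _ in results:
        out[verdict] += 1
    return out

if __name__ == "__main__":
    flood = [0.0] * 15                   # constructed: 15 requests at once
    print("burst=10 nodelay:", count(simulate(flood, 5, 10, NODELAY)))
    print("burst=10 delay=5:", count(simulate(flood, 5, 10, 5)))
    print("burst=10        :", count(simulate(flood, 5, 10)))
```

Running the same flood through each configuration shows where requests start being queued and where they start being rejected, which is the number to compare against your login or API traffic before choosing burst and delay values.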

Rate-limiting bandwidth

Limiting requests will block most malicious attacks, but you may also want to limit download speed so that users do not slow down your server by downloading many files.

You can do this with the limit_rate directive, which does not need a zone configured for it.

limit_rate 100k;
limit_rate_after 1m;

This sets the maximum download speed to 100 Kbps after 1 megabyte has been downloaded. However, this is measured per connection, and users can open several connections. To solve this, you must add a connection-limiting zone next to the request-limiting zone:

limit_conn_zone $binary_remote_addr zone=bar:10m;
limit_req_zone $binary_remote_addr zone=foo:10m rate=5r/s;

This creates a 10 megabyte zone called “bar” that tracks connections by IP address. You can use it with a limit_conn directive to enable connection limiting.

server {

  limit_conn bar 5;

  location /static/ {
    limit_conn bar 1;
    limit_rate 100k;
    limit_rate_after 1m;
  }
}

Since most browsers open multiple connections during normal browsing, we want to set the global connection limit higher and then set the limit to 1 connection for downloads.