Re: limit-req and greedy UAs

2016-09-24 Thread Grant
> limit_req works with multiple connections, it is usually configured per IP > using $binary_remote_addr. See > http://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_zone > - you can use variables to set the key to whatever you like. > > limit_req generally helps protect eg your ba

Re: limit-req and greedy UAs

2016-09-13 Thread Grant
> limit_req works with multiple connections, it is usually configured per IP > using $binary_remote_addr. See > http://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_zone > - you can use variables to set the key to whatever you like. > > limit_req generally helps protect eg your ba

Re: limit-req and greedy UAs

2016-09-13 Thread Grant
> Re-reading the original post, it was concluded that multiple connections > don't affect the rate limiting. I interpreted this incorrectly the first time: > > "Nginx's limit_rate > function limits the data transfer rate of a single connection." > > But I'm certain a few posts, perhaps not on

Re: limit-req and greedy UAs

2016-09-13 Thread lists
Re-reading the original post, it was concluded that multiple connections don't affect the rate limiting. I interpreted this incorrectly the first time: "Nginx's limit_rate function limits the data transfer rate of a single connection." But I'm certain a few posts, perhaps not on the nginx for

Re: limit-req and greedy UAs

2016-09-12 Thread li...@lazygranch.com
e across those connections. Nginx's limit_rate > function limits the data transfer rate of a single connection. > > > http://mailman.nginx.org/pipermail/nginx/2014-February/042337.html > --- > > Original Message > From: Richard Stanway > Sent: Monday, Se

Re: limit-req and greedy UAs

2016-09-12 Thread lists
chard Stanway Sent: Monday, September 12, 2016 2:39 PM To: nginx@nginx.org Reply To: nginx@nginx.org Subject: Re: limit-req and greedy UAs limit_req works with multiple connections, it is usually configured per IP using $binary_remote_addr. See http://nginx.org/en/docs/http/ngx_http_limit_req_

Re: limit-req and greedy UAs

2016-09-12 Thread Richard Stanway
limit_req works with multiple connections, it is usually configured per IP using $binary_remote_addr. See http://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_zone - you can use variables to set the key to whatever you like. limit_req generally helps protect eg your backend again

Re: limit-req and greedy UAs

2016-09-12 Thread Grant
> https://www.nginx.com/blog/tuning-nginx/ > > I have far more faith in this write up regarding tuning than the anti-ddos, > though both have similarities. > > My interpretation is the user bandwidth is connections times rate. But you > can't limit the connection to one because (again my interp

Re: limit-req and greedy UAs

2016-09-12 Thread c0nw0nk
eb-server.htm > l > > Beware of creating false positives with such rules. When developing > code, I return a 444 then search the access.log for what it found, > just to ensure I wrote the rule correctly. > > > > > > > Original Message > From: Grant >

Re: limit-req and greedy UAs

2016-09-12 Thread lists
requests. This status code is not seen by the client, it only appears in nginx log files. Original Message From: B.R. Sent: Monday, September 12, 2016 1:08 AM To: nginx ML Reply To: nginx@nginx.org Subject: Re: limit-req and greedy UAs You could also generate 304 responses for content you won&#

Re: limit-req and greedy UAs

2016-09-12 Thread B.R.
allow eyeballs but not machines. > > You can also use commercial blocking services if you trust them. (I don't. > ) > > > Original Message > From: Grant > Sent: Sunday, September 11, 2016 10:28 AM > To: nginx@nginx.org > Reply To: nginx@nginx.org > Subject: Re

Re: limit-req and greedy UAs

2016-09-11 Thread lists
is to allow eyeballs but not machines.  You can also use commercial blocking services if you trust them. (I don't. )   Original Message   From: Grant Sent: Sunday, September 11, 2016 10:28 AM To: nginx@nginx.org Reply To: nginx@nginx.org Subject: Re: limit-req and greedy UAs

Re: limit-req and greedy UAs

2016-09-11 Thread Grant
> This page has all the secret sauce, including how to limit the number of > connections. > > https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/ > > I set up the firewall with a higher number as a "just in case." Should I basically duplicate my limit_req and limit_req

Re: limit-req and greedy UAs

2016-09-11 Thread Grant
> I suspect you are referring to the countless variations on the favicon, with > Apple being the worst offender since they have many "touch" files. Android > has them too. Just make the files. I disagree but maybe because of my webmastering style. I don't know what more of these files will sho

Re: limit-req and greedy UAs

2016-09-11 Thread lists
Beware of creating false positives with such rules. When developing code, I return a 444 then search the access.log for what it found, just to ensure I wrote the rule correctly. Original Message From: Grant Sent: Sunday, September 11, 2016 5:30 AM To: nginx@nginx.org Reply To: nginx@nginx.o

Re: limit-req and greedy UAs

2016-09-11 Thread lists
nginx.org Reply To: nginx@nginx.org Subject: Re: limit-req and greedy UAs > Since this limit is per IP, is the scenario you stated really a problem? > Only that IP is affected. Or as is often the case, did I miss something? The idea (which I used bad examples to illustrate) is that some mains

Re: limit-req and greedy UAs

2016-09-11 Thread Grant
> Since this limit is per IP, is the scenario you stated really a problem? > Only that IP is affected. Or as is often the case, did I miss something? The idea (which I used bad examples to illustrate) is that some mainstream browsers make a series of requests for files which don't necessarily e

Re: limit-req and greedy UAs

2016-09-11 Thread Grant
> What looks to me to be a real resource hog that quite frankly you can't do > much about are download managers. They open up multiple connections, but the > rate limits apply to each individual connection. (this is why you want to > limit the number of connections.) Does this mean an attacker

Re: limit-req and greedy UAs

2016-09-09 Thread lists
But again, if you have a particular IP behaving badly, and limiting for that IP kicks in, I say they get what they deserve. The goal of limiting resources to one particular IP is to prevent other users from havin

Re: limit-req and greedy UAs

2016-09-09 Thread Richard Stanway
You can put limit_req in a location, for example do not limit static files and only limit expensive backend hits, or use two different thresholds. On Fri, Sep 9, 2016 at 3:39 AM, wrote: > Since this limit is per IP, is the scenario you stated really a problem? > Only that IP is affected. Or as

Re: limit-req and greedy UAs

2016-09-08 Thread lists
Since this limit is per IP, is the scenario you stated really a problem? Only that IP is affected. Or as is often the case, did I miss something? http://nginx.org/en/docs/http/ngx_http_limit_req_module.html Original Message From: Grant Sent: Thursday, September 8, 2016 6:24 PM To: nginx@ngi