I'm very sorry for mistake.I means limit_rate such as
http {
limit_zone one $binary_remote_addr 10m;
server {
location /files/ {
limit_conn one 1;
limit_rate 20k;
}
}
}
per conn per 20K
在 2013-1-9,上午11:15,Reindl Harald <[email protected]> 写道:
>
>
> Am 09.01.2013 04:05, schrieb Leif Hedstrom:
>> On 1/8/13 6:55 PM, [email protected] wrote:
>>> HI!all
>>> I want to limit the number of concurrent connections at ATS .such as Nginx
>>> (limit_conn
>>> <http://wiki.nginx.org/NginxHttpLimitZoneModule#limit_conn> and limit_zone
>>> modules).
>>> someone can give me some advice?
>>>
>>
>> CONFIG proxy.config.net.connections_throttle INT 30000
>>
>>
>> That's an approximation though, it's both client and origin connections
>> (it's the number of sockets that it
>> throttles on). Once you hit this limit, it'll start throttling. I'm assuming
>> by concurrent you mean connected
>> sockets, and not active connections (there's no way to throttle the number
>> of active connections, afaik. It'd be
>> nice to have though).
>
> did you have a look at the link?
> http://wiki.nginx.org/NginxHttpLimitZoneModule#limit_conn
>
> the request was how to limit the ACTIVE connections from the
> same IP as example some idiot who try a DOS attack by open
> a lot of connections and let them open until timeout
>
> this would be genrally nice
>
> but IMHO the application layer is the wrong one
> iptables_recent -> limit connection per IP / second
> this is much more effective because the service itself
> is not touched if one exceeds the limit
>
