Nginx rate limiting reuse

Question

Our company wants to use nginx rate limiting based on HTTP headers. We have this configuration so far:

limit_req_zone $http_CLIENT_KEY zone=newzone:10m rate=1r/m;

server {
    listen 80;

    location / {
        limit_req zone=newzone burst=9 nodelay;
        limit_req_status 429;
        proxy_pass http://127.0.0.1:8080;
    }
}

We want to allow every CLIENT-KEY header only 10r/m and block them for 1 minute. This config file works, but after 1 minute, based on the rate, we can send just 1 request every minute and not 10.

Does anyone have any ideas?

Thanks

Answer 1

Score: 0

You are defining a rate limit of 1 request per minute.
Then you have defined a queue (burst) that has 9 spaces for saving incoming requests to be proxied.
Because you have set the nodelay parameter, the 9 requests will be proxied immediately and you won't get a 503, BUT the queue (burst) gets full and is emptied based on your rate limit, which is 1 request per minute.

That's why you can send 1 request after the minute has passed!

This config may help you:

http {
  # Define a limit for 10r/m
  limit_req_zone $http_CLIENT_KEY zone=newzone:10m rate=10r/m;


  # Configure the reverse proxy server
  server {
    listen 80;
    server_name example.com;

    # Limit requests to 10 per minute, with a burst of 5
    limit_req zone=newzone burst=5 nodelay;

    # Proxy requests to the backend server
    location / {
      proxy_pass http://127.0.0.1:8080;
    }

    # Tell clients that exceed the limit to retry after one minute
    error_page 503 @ban;
    location @ban {
      # "always" is needed for add_header to apply to a 503 response
      add_header Retry-After 60 always;
      return 503;
    }
  }
}

With this config you can make 1 request every 6 seconds without using the queue (burst), but you can make 15 requests if you send them frequently within the minute, and then the queue will start to be emptied.

You can use another way to ban an IP for 60 seconds when it exceeds the limit, allowing the queue to start emptying.

I hope my answer helped!
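
The difference between the two configurations can be checked with a small model of the leaky-bucket accounting behind limit_req with nodelay. This is an added example, not code from the question, the answer or nginx itself; the function names, the load of 20 requests at the start of each minute and the third parameter set (rate=10r/m, burst=9) are constructed for illustration, and nginx's internal rounding may differ slightly.

```python
# Simplified model of limit_req + nodelay accounting (added example, not nginx source).
# "excess" is tracked in thousandths of a request and drains at the configured rate.

def simulate(rate_per_min, burst, arrivals_ms):
    """Return True (proxied) or False (rejected) for each arrival time in ms."""
    excess = None   # None means this key has not been seen yet
    last = 0        # time of the last accepted request
    decisions = []
    for now in arrivals_ms:
        if excess is None:
            candidate = 0  # the first request for a key starts an empty bucket
        else:
            drained = rate_per_min * 1000 * (now - last) // 60000
            candidate = max(0, excess - drained + 1000)
        if candidate > burst * 1000:
            decisions.append(False)  # rejected; bucket state is left unchanged
            continue
        excess, last = candidate, now
        decisions.append(True)
    return decisions


def accepted_per_minute(rate_per_min, burst, minutes=3, per_burst=20):
    """Constructed load: one client key fires per_burst requests at the start of each minute."""
    arrivals = [m * 60000 for m in range(minutes) for _ in range(per_burst)]
    decisions = simulate(rate_per_min, burst, arrivals)
    return [sum(decisions[m * per_burst:(m + 1) * per_burst]) for m in range(minutes)]


if __name__ == "__main__":
    # Question's settings: 10 requests pass at once, then only 1 per minute.
    print("rate=1r/m  burst=9:", accepted_per_minute(1, 9))
    # Answer's settings: 6 requests pass at the start of every minute.
    print("rate=10r/m burst=5:", accepted_per_minute(10, 5))
    # Constructed variant (not from the page): the bucket fully drains each minute.
    print("rate=10r/m burst=9:", accepted_per_minute(10, 9))
    # Steady pace of one request every 6 seconds never touches the burst.
    print("steady 6 s pace   :", all(simulate(10, 5, [i * 6000 for i in range(20)])))
```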

huangapple
  • Posted on July 23, 2023, 15:51:58
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76747168.html