原创文章,转载请指明出处并保留原文url地址
本文主要针对nginx的ngx_http_limit_req_module模块做简单介绍,本文具体包括如下指令:limit_req,limit_req_log_level,limit_req_zone
ngx_http_limit_req_module模块(从0.7.21)允许针对来自单个请求ip地址上处理的用户请求速率进行限制,限制将基于特定key进行。限制是通过使用“漏桶”的方法
(漏桶算法(Leaky Bucket)是网络世界中流量整形(Traffic Shaping)或速率限制(Rate Limiting)时经常使用的一种算法,它的主要目的是控制数据注入到网络的速率,平滑网络上的突发流量。漏桶算法提供了一种机制,通过它,突发流量可以被整形以便为网络提供一个稳定的流量。http://baike.baidu.com/view/2467937.htm)。
配置示例如下:
http {
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
...
server {
...
location /search/ {
limit_req zone=one burst=5;
}
Nginx原文:
The ngx_http_limit_req_module module (0.7.21) allows to limit the request processing rate per defined key, in particular, the processing rate of requests coming from a single IP address. The limitation is done using the “leaky bucket” method.
Example Configuration
http {
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
...
server {
...
location /search/ {
limit_req zone=one burst=5;
}
1. limit_req
| syntax: | limit_req zone=name [burst=number] [nodelay]; |
| default: | — |
| context: | http, server, location |
设置一个共享内存区和请求的最大突发大小。如果请求的速率超过配置的区域的速度,他们的处理延迟等,要求在限定的速度处理。过多的请求被延迟直到超过最大突发大小,在这种情况下,请求终止错误503(服务暂时不可用)。默认情况下,最大突发大小等于零。例如,指令
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
server {
location /search/ {
limit_req zone=one burst=5;
}
上面配置是平均每秒钟不允许超过1个请求/秒钟, 突发请求是5个请求/秒钟
但请求被限制后过多的请求的延迟处理不在被需要时, 可以采用nodelay参数, 示例如下: limit_req zone=one burst=5 nodelay;
Nginx原文:
Sets a shared memory zone and the maximum burst size of requests. If the rate of requests exceeds the rate configured for a zone, their processing is delayed such that requests are processed at a defined rate. Excessive requests are delayed until their number exceeds the maximum burst size in which case the request is terminated with an error 503 (Service Temporarily Unavailable). By default, the maximum burst size is equal to zero. For example, the directives
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
server {
location /search/ {
limit_req zone=one burst=5;
}
allow not more than 1 request per second at an average, with bursts not exceeding 5 requests.
If delaying of excessive requests while requests are being limited is not desired, the parameter nodelay should be used:
limit_req zone=one burst=5 nodelay;
2. limit_req_log_level
| syntax: | limit_req_log_level info | notice | warn | error; |
| default: | limit_req_log_level error; |
| context: | http, server, location |
设置当server端对一些因请求超过设置值而决绝服务,延迟请求处理等时,应该生产的日志级别。延迟的日志级别一定低于拒绝的日志级别。例如“limit_req_log_level notice”被指定, 则延迟的日志级别是info级别的。
Nginx原文:
Sets the desired logging level for cases when the server refuses to process requests due to rate being exceeded, or delays request processing. Delays are logged with the level one less than refusals; for example, if “limit_req_log_level notice” is specified, delays are logged with the info level.
3. limit_req_zone
| syntax: | limit_req_zone $variablezone=name:size rate=rate; |
| default: | — |
| context: | http |
为保持各种各样key的状态的共享内存设置相关参数。这些状态存储着当前过多请求的各种信息。这些key是根据指定的变量获得任何不为空值(空值不被记录),使用示例:
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
这有一个存储着10M字节信息的区域, 这个区域中平均每个请求在每秒钟请求数是1特请求/秒钟
客户端的IP地址作为一个key。请注意,而不是remote_addr变量,而是使用binary_remote_addr在这里, 可以降低一个状态到64字节大小。一兆字节的区域可以保持32000左右的32字节的状态值,约16000个64字节的状态值。如果一个区的存储耗尽时,服务器将返回错误503(服务暂时不可用)的信息给所有后面的访问者。
指定的请求速率单位是多少请求每秒(r/s)。如果一个速率是低于一个请求每秒钟,单位可以指定为 请求每分钟。 例如,每秒钟有0.5个请求, 则可以表示为30r/m(30个请求/分钟)
Nginx原文:
Sets parameters of a shared memory zone that keeps states for various keys. The state stores the current number of excessive requests in particular. The key is any non-empty value of the specified variable (empty values are not accounted). Example usage:
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
Here, the states are kept in a 10 megabyte zone “one”, and an average request processing rate for this zone cannot exceed 1 request per second.
An IP address of the client serves as a key. Note that instead of $remote_addr, the $binary_remote_addr variable is used here, allowing to lower the size of a state down to 64 bytes. One megabyte zone can keep about 16 thousand 64-byte states. If the storage for a zone is exhausted, the server will return error 503 (Service Temporarily Unavailable) to all further requests.
The rate is specified in requests per second (r/s). If a rate of less than one request per second is desired, it is specified in request per minute (r/m). For example, half-request per second is 30r/m.
