Forum: NGINX Limit connections' erratic behaviour

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Asif A. (Guest)
on 2009-03-16 08:27
(Received via mailing list)
Dear All,
The limit connections module is behaving erratically.

I have allocated 20M of Space for storing sessions and our app basically
gets 100s of requests from several different hosts.

We have very few hosts that send in simultaneous connections from a
single
IP

But

>With limit connections, it restricts to 1/10 of the configured value..


Can someone tell me if they have experience with this module and help
with
this issue?


Thanks

Asif
Asif A. (Guest)
on 2009-03-16 11:57
(Received via mailing list)
Dear Community,

Will anyone respond to this request?

regards
Cliff W. (Guest)
on 2009-03-16 13:04
(Received via mailing list)
Post the relevant part of your config.   Also try to realize it's the
middle of the night in half the world.

Cliff
Asif A. (Guest)
on 2009-03-16 13:31
(Received via mailing list)
Cliff - Apologies - This is a second email thread actually [the earlier
one
was posted days back]


Here is the config:

limit_zone   one  $binary_remote_addr  10m;
 limit_conn one 150;

The app receives several hundred hits per second from various different
ip
addresses.
I want to block specific IP only from sending in more than 100 or 150
requests per second..

What I am getting is a reduction in total traffic and half that amount
for
ALL requests.

Thanks in advance.

regards

Asif A.
Asif A. (Guest)
on 2009-03-16 13:34
(Received via mailing list)
Let me correct something,

What I want to block is any single IP from sending more than 100
requests
per second.

regards

Asif A.
Maxim D. (Guest)
on 2009-03-16 15:39
(Received via mailing list)
Hello!

On Mon, Mar 16, 2009 at 04:52:14PM +0530, Asif A. wrote:

> addresses.
> I want to block specific IP only from sending in more than 100 or 150
> requests per second..

Your understanding of what limit_conn does is wrong.  It's to
limit number of simultaneous connections served, not requests per
second.  It may be somewhat related to request per second only if
requests take predictable time to answer.

If you want to limit requests per second - take a look at
limit_req module in nginx 0.7.*.

> What I am getting is a reduction in total traffic and half that amount for
> ALL requests.

Also, take a look at what $binary_remote_addr (and $remote_addr)
actually contains for you.  It may e.g. contain address of your
load-balancer if you use one, and you should use realip module to
fix this.

Maxim D.
Asif A. (Guest)
on 2009-03-16 20:06
(Received via mailing list)
Maxim

On Mon, Mar 16, 2009 at 6:56 PM, Maxim D. <removed_email_address@domain.invalid>
wrote:

> >
> limit number of simultaneous connections served, not requests per
> second.  It may be somewhat related to request per second only if
> requests take predictable time to answer.


      - Thanks for clarifying - actually our app does deliver response
in
under 0.5-1.0 seconds.  But limit_conn is definitely not the same as
what I
expected - I guess I will have to use to the new version as soon as it
is
stable.


> actually contains for you.  It may e.g. contain address of your
> load-balancer if you use one, and you should use realip module to
> fix this.
>

         Yes - I understand this...


>
> Maxim D.
>
>
Thanks again !
Cliff W. (Guest)
on 2009-03-16 20:23
(Received via mailing list)
On Mon, 2009-03-16 at 23:28 +0530, Asif A. wrote:

>
>       - Thanks for clarifying - actually our app does deliver response
> in under 0.5-1.0 seconds.  But limit_conn is definitely not the same
> as what I expected - I guess I will have to use to the new version as
> soon as it is stable.

Just FYI, I run the development version on all my servers within a
couple days of its release (the Nginx wiki is running 0.7.42 since last
night).

I've yet to experience any stability issues.

Cliff
This topic is locked and can not be replied to.