Forum: NGINX Multiple passes to memcached with different keys

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Atif G. (Guest)
on 2009-03-25 03:33
(Received via mailing list)
Hi all,

I would like to test 2 memcached keys before passing to the content.

Background:
Our CMS app has DDOS protection that can lock and IP ($remote_addr) or
the
complete website ($host)

For example if an IP is misbehaving then there is a key like /lock/
192.168.123.123  (DOS protection)
If this key is present then I just want to return the value of the key
"Sorry. too many requests from your IP, etc"

This is fine.

location / {
 set $memcached_key /lock/$remote_addr;
 memcached_pass 10.10.10.1:11211;
 ...
 do something with the request
}

The second scenario is that a fleet of machines are attacking a single
website (DDOS) then there will a lock such as
/lock/mysite.com

So my question is: Is it possible to check both keys such as

location / {
  set $memcached_key /lock/$remote_addr;
 memcached_pass 10.10.10.1:11211;

 set $memcached_key /lock/$hostr;
 memcached_pass 10.10.10.1:11211;

...
 do something with the request
}
Merlin (Guest)
on 2009-03-25 04:39
(Received via mailing list)
Atif,

You will most likely need to use the error_page directive to fallback to
an
internal location.  Something like what I have below should be
work-able.
Disclaimer: I have not tested this, and I do not know how the memcached
module works (it may reconnect to the memcached server for each check,
lowering performance).

location / {
  error_page 404 = @site;
  set $memcached_key /lock/$remote_addr;
  memcached_pass 10.10.10.1:11211;
}

location @site {
  internal;
  error_page 404 = @app;
  set $memcached_key /lock/$host;
  memcached_pass 10.10.10.1:11211;
}

location @app {
  ... whatever you normally pass to...
}

- Merlin
This topic is locked and can not be replied to.