Limit_zone and limit_conn problem

Hi list, I have smillar problem like
http://markmail.org/message/m5mau3i4yxkw46rj [ Problems using
limit_zone and limit_conn ]

How this limit_conn work? I have limit_conn one 1; but still I can
do many connections and download without 503 error or something.

Hello!

On Fri, Jan 22, 2010 at 08:56:53PM +0100, Piotr K. wrote:

Hi list, I have smillar problem like
http://markmail.org/message/m5mau3i4yxkw46rj [ Problems using
limit_zone and limit_conn ]

This is believed to be what’s called “insufficient testing” and
just doesn’t trigger 503 because it’s hard to trigger unless you
are downloading big response which fills all the socket buffers
or nginx is waiting for a backend during processing of a request.

How this limit_conn work? I have limit_conn one 1; but still I can
do many connections and download without 503 error or something.

limit_conn do something like this:

  1. On request processing start (once all headers have been read)
    it checks if limit_zone has number recorded for the variable in
    question, and if it’s bigger than allowed - returns 503. if it’s
    still bellow allowed maximum - increments number (or stores 1 if
    there were nothing recorded so far).

  2. On request completion (when we are done sending data to client
    and connection is about to be closed or goes into keepalive state)
    number in question is decremented.

Maxim D.

Thanks you for your reply but I still dont understand it. Sometimes it
seen to work, but sometimes no, no 503 error, multiple files at once
etc.

I wanna prevent mass downloading files from /specified/ dir but this
limit_conn dont work as it should. have you any other idea how can I
limit mass downloading?

Hello!

On Sat, Jan 23, 2010 at 08:51:29AM +0100, Piotr K. wrote:

Thanks you for your reply but I still dont understand it. Sometimes it
seen to work, but sometimes no, no 503 error, multiple files at once
etc.

I wanna prevent mass downloading files from /specified/ dir but this
limit_conn dont work as it should. have you any other idea how can I
limit mass downloading?

Well, I’ve tried to explain that “multiple files at once” may not
be the same from nginx point of view, and that’s why you don’t see
503. In the post you linked it’s certainly the case.

Try the following test:

http {
    limit_zone unique_zone_name $binary_remote_addr 10m;
    sendfile on;
    sendfile_max_chunk 1m;
    ...
    server {
       ...
       location /download/ {
           limit_conn unique_zone_name 1;
       }
    }
}

Start downloading of something large (e.g. 4G) from /download/.
Make sure it’s downloaded via single request and data are flowing
around (netstat & tcpdump are your friends).

Once you are checked the above - try starting another download
from the same ip. It should return 503.

Note well: nginx will process request without switching to another
one until it will be able to fill up socket send buffer. This may
not happen at all if you are testing via fast local connection,
your output_buffers are smaller than socket send buffer, and you
are and not using limit_rate and/or sendfile with
sendfile_max_chunk. So requests will be processed in order by
nginx, and you won’t see 503.

Maxim D.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs