The ngx_http_limit_conn_module
module is used to limit the number of connections per the defined key, in particular, the number of connections from a single IP address.
Not all connections are counted. A connection is counted only if it has a request being processed by the server and the whole request header has already been read.
http { limit_conn_zone $binary_remote_addr zone=addr:10m; ... server { ... location /download/ { limit_conn addr 1; }
Syntax: | limit_conn zone number; |
---|---|
Default: | — |
Context: | http , server , location |
Sets the shared memory zone and the maximum allowed number of connections for a given key value. When this limit is exceeded, the server will return the error in reply to a request. For example, the directives
limit_conn_zone $binary_remote_addr zone=addr:10m; server { location /download/ { limit_conn addr 1; }
allow only one connection per an IP address at a time.
In HTTP/2 and SPDY, each concurrent request is considered a separate connection.
There could be several limit_conn
directives. For example, the following configuration will limit the number of connections to the server per a client IP and, at the same time, the total number of connections to the virtual server:
limit_conn_zone $binary_remote_addr zone=perip:10m; limit_conn_zone $server_name zone=perserver:10m; server { ... limit_conn perip 10; limit_conn perserver 100; }
These directives are inherited from the previous level if and only if there are no limit_conn
directives on the current level.
Syntax: | limit_conn_log_level
info |
notice |
warn |
error; |
---|---|
Default: | limit_conn_log_level error; |
Context: | http , server , location |
This directive appeared in version 0.8.18.
Sets the desired logging level for cases when the server limits the number of connections.
Syntax: | limit_conn_status code; |
---|---|
Default: | limit_conn_status 503; |
Context: | http , server , location |
This directive appeared in version 1.3.15.
Sets the status code to return in response to rejected requests.
Syntax: | limit_conn_zone
key
zone=name:size; |
---|---|
Default: | — |
Context: | http |
Sets parameters for a shared memory zone that will keep states for various keys. In particular, the state includes the current number of connections. The key
can contain text, variables, and their combination. Requests with an empty key value are not accounted.
Prior to version 1.7.6, a key
could contain exactly one variable.
Usage example:
limit_conn_zone $binary_remote_addr zone=addr:10m;
Here, a client IP address serves as a key. Note that instead of $remote_addr
, the $binary_remote_addr
variable is used here. The $remote_addr
variable’s size can vary from 7 to 15 bytes. The stored state occupies either 32 or 64 bytes of memory on 32-bit platforms and always 64 bytes on 64-bit platforms. The $binary_remote_addr
variable’s size is always 4 bytes for IPv4 addresses or 16 bytes for IPv6 addresses. The stored state always occupies 32 or 64 bytes on 32-bit platforms and 64 bytes on 64-bit platforms. One megabyte zone can keep about 32 thousand 32-byte states or about 16 thousand 64-byte states. If the zone storage is exhausted, the server will return the error to all further requests.
Syntax: | limit_zone
name
$variable
size; |
---|---|
Default: | — |
Context: | http |
This directive was made obsolete in version 1.1.8 and was removed in version 1.7.6. An equivalent limit_conn_zone directive with a changed syntax should be used instead:
limit_conn_zone
$variable
zone
=name
:size
;
© 2002-2017 Igor Sysoev
© 2011-2017 Nginx, Inc.
Licensed under the BSD License.
https://nginx.org/en/docs/http/ngx_http_limit_conn_module.html