Nginx：速率限制设置不起作用

发布时间：2020-12-13 20:55:55 所属栏目：Nginx 来源：网络整理

导读：这是我的Nginx配置设置- { limit_req_zone $binary_remote_addr zone=main:10m rate=1r/s; # on top of conf file ... location /login { limit_req zone=main burst=3 nodelay; ModSecurityEnabled on; ModSecurityConfig /usr/local/nginx/conf/modsecurit

这是我的Nginx配置设置-

{
    limit_req_zone $binary_remote_addr zone=main:10m rate=1r/s;  # on top of conf file
 ...

    location /login {
            limit_req zone=main burst=3 nodelay;
            ModSecurityEnabled on;
            ModSecurityConfig /usr/local/nginx/conf/modsecurity.conf;
            proxy_pass http://localhost:4000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

}

使用以下代码多次点击api网址(http://localhost:4000/login)时-

for i in {0..2000}; do (curl -Is http://localhost:4000/login | head -n1 &) 2>/dev/null; done

我总是得到200个响应代码,而不是某些应被拒绝的请求得到503.

请我克服这个问题.

最佳答案

这是我的配置.现在它可以正确显示200& 503超过阈值后请求.

limit_req_zone $http_x_forwarded_for zone=req_limit_per_ip:100m rate=10r/m;
limit_conn_zone $http_x_forwarded_for zone=conn_limit_per_ip:100m;


server {

listen 80;

server_name *.xxxxxx.com;
add_header 'Access-Control-Allow-Headers' "X-Forwarded-For; X-Forwarded-Proto; X-Forwarded-Port; Host; X-Amzn-Trace-Id; Connection";
#add_header 'Access-Control-Allow-Headers' "X-Requested-With";
add_header 'Access-Control-Allow-Methods' "GET,POST,OPTIONS";
#add_header 'Access-Control-Allow-Origin' "$http_origin";

server_tokens off;
client_body_timeout 60s;
client_header_timeout 60s;
add_header 'X-Frame-Options' "SAMEORIGIN";
add_header 'Strict-Transport-Security' "max-age=31536000; includeSubDomains" ;

location /api/ {
    ModSecurityEnabled off;
    ModSecurityConfig /usr/local/nginx/conf/modsecurity.conf;
    proxy_pass http://xx.xxx.xxx.xxx:7000/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
    proxy_connect_timeout       60s;
    proxy_send_timeout          60s;
    proxy_read_timeout          60s;
    send_timeout                60s;

}
}

为了检查效果,我创建了一个.js文件,并在循环内请求上述URL 20次.您可以在下面查看结果-

输出：

enter image description here

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!