Welcome! Log In Create A New Profile

Advanced

Nginx Rate limiting for HTTPS requests

May 15, 2018 12:20PM
Hi,

I have been experimenting with Nginx rate limiting and I need some inputs on it’s working and what can be expected from this feature. I see some difference in what I expected from this feature going by the documentation and what I observed in my experiments.

Here is the detail on my testing:
I have a test server running Nginx and a backend server. Nginx is configured as HTTPS server listening on 443. I have configured Nginx as reverse proxy to my backend. We have a proprietary tool which feeds configured number of HTTPS requests (one request/connection) to test server and generates reports at the end of test. Report will have details how many requests return status as 200 and 503.

Observation 1:
As per my observations, more requests are getting processed with return status as 200 than expected if input request rate to Nginx is much higher than the rate limit configured.
For example, with the following configuration in Nginx for rate limiting, Here are my tests:
limit_req_zone $host zone=perhost:1m rate=100r/s;
limit_req zone=perhost burst=100 nodelay;

Test1: With input as 250 req/sec and rate limit configured at 100r/s, rate limiting works as expected since on average ~100 requests return with 200 status every second

Test2: With input as 500 req/sec and rate limit configured at 100r/s, rate limiting does not work as expected since on average ~150 requests return with 200 status every second

Test3: With input as 600 req/sec and rate limit configured at 100r/s, rate limiting does not work as expected since on average ~200 requests return with 200 status every second

Test4: With input as 800 req/sec and rate limit configured at 100r/s, rate limiting does not work as expected since on average ~350 requests return with 200 status every second

Observation 2:
On the other side, If Nginx is configured as HTTP server listening on 80, rate limiting feature seems to be working fine for the same tests.

I am not very sure what is happening here for HTTPS based testing. One observation I have made is that in HTTP case, requests gets processed very quickly whereas for HTTPS case, complete transaction takes relatively longer. Also, for low input rate of HTTPS requests transaction completion is not taking very long where as when input rate goes up, this delay further increase and then rate limiting start behaving unexpectedly. Can this be the cause of this difference in anyway? Please share your inputs on this.

Thanks in advance
Subject Author Posted

Nginx Rate limiting for HTTPS requests

rickGsp May 15, 2018 12:20PM

Re: Nginx Rate limiting for HTTPS requests

Maxim Dounin May 15, 2018 01:58PM

Re: Nginx Rate limiting for HTTPS requests

rickGsp May 16, 2018 05:00AM

Re: Nginx Rate limiting for HTTPS requests

Maxim Dounin May 16, 2018 09:28AM

Re: Nginx Rate limiting for HTTPS requests

rickGsp May 20, 2018 04:24AM

Re: Nginx Rate limiting for HTTPS requests

pbooth May 20, 2018 02:48PM

Re: Nginx Rate limiting for HTTPS requests

pbooth May 20, 2018 02:54PM

Re: Nginx Rate limiting for HTTPS requests

rickGsp May 21, 2018 01:09AM

Re: Nginx Rate limiting for HTTPS requests

Maxim Dounin May 21, 2018 08:14AM

Re: Nginx Rate limiting for HTTPS requests

rickGsp May 21, 2018 09:55AM

Re: Nginx Rate limiting for HTTPS requests

Maxim Dounin May 21, 2018 12:46PM

Re: Nginx Rate limiting for HTTPS requests

rickGsp May 22, 2018 12:37PM

Re: Nginx Rate limiting for HTTPS requests

Maxim Dounin May 22, 2018 02:02PM

Re: Nginx Rate limiting for HTTPS requests

rickGsp May 23, 2018 12:58AM

Re: Nginx Rate limiting for HTTPS requests

Maxim Dounin May 23, 2018 03:36PM

Re: Nginx Rate limiting for HTTPS requests

rickGsp May 25, 2018 01:56PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 99
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready