ну я только идею обрисовал. реализация следующая (ключ в зависимости от
специфики приложения)

http {
..........
limit_req_zone $uniq zone=uniq:10m rate=1r/s;



.......

server {
..........
set $uniq $binary_remote_addr$cookie_PHPSESSIONID$uri;
limit_req zone=uniq burst=1;




2011/3/28 Алексей Масленников <minisotm@gmail.com>

> Что-то не пашет, или может я не догоняю.
>
> Говорит:
>
> Restarting nginx: [emerg]: unknown "binary_remote_addr$request_uri$referer"
> variable
>
> On 27.03.2011 10:48, Илья Шипицин wrote:
>
> все правильно, только я бы расширил ключ, скажем, до
>
> limit_zone http $binary_remote_addr$request_uri$referer 1m;
>
>
> а количество соединений уменьшил до 1
>
> 2011/3/27 Maxim Ponomarchuk <ponomarchuk_m@ukr.net>
>
>> Друзья.
>>
>> Есть сервер под управлением Debian.
>> Периодически появляется проблема связанная с тем что с одного айпи
>> начинает валится уйма запросов к серверу + из-за этого вырастает LA .
>>
>> Например:
>>
>> cat production.log | grep 178.95.42.226
>>
>> Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:05) [GET]
>> Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:06) [GET]
>> Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:07) [GET]
>> Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:08) [GET]
>> Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:08) [GET]
>> Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:09) [GET]
>> Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:10) [GET]
>> Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:11) [GET]
>> Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:11) [GET]
>> Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:12) [GET]
>> Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:13) [GET]
>> Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:14) [GET]
>> Processing ApplicationController#index (for 178.95.42.226 at 2011-03-27 07:56:15) [GET]
>> Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:15) [GET]
>> Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:16) [GET]
>> Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:16) [GET]
>> Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:17) [GET]
>> Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:22) [GET]
>> Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:22) [GET]
>> Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:24) [GET]
>> Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:26) [GET]
>> Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:27) [GET]
>> Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:28) [GET]
>> Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:30) [GET]
>> Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:31) [GET]
>> Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:32) [GET]
>> Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:33) [GET]
>> Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:34) [GET]
>> Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:35) [GET]
>> Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:35) [GET]
>> Processing DataController#url_redirect (for 178.95.42.226 at 2011-03-27 07:56:36) [GET]
>> Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:36) [GET]
>> Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:36) [GET]
>> Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:37) [GET]
>> Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:37) [GET]
>> Processing DataController#url_redirect (for 178.95.42.226 at 2011-03-27 07:56:38) [GET]
>> Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:39) [GET]
>> Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:39) [GET]
>> Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:40) [GET]
>> Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:40) [GET]
>> Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:41) [GET]
>> Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:42) [GET]
>> Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:43) [GET]
>>
>> В настройках nginx поставил лимит
>>
>>
>> limit_zone http $binary_remote_addr 1m;
>> limit_conn http 10;
>>
>> При тесте Siege - nginx успешно дропает соединения больше 10 в единый момент времени.
>>
>> В моем же случае такое условие не совпадает.
>> Можно ли как сделать так - если с одного айпи в течении минуты есть больше 30 обращений к серверу - то заворачивать злодея на страничку - заглушку?Или как с таким бороться?
>>
>>
>>
>>
>> _______________________________________________
>> nginx-ru mailing list
>> nginx-ru@nginx.org
>> http://nginx.org/mailman/listinfo/nginx-ru
>>
>>
>
> _______________________________________________
> nginx-ru mailing listnginx-ru@nginx.orghttp://nginx.org/mailman/listinfo/nginx-ru
>
>
>
> _______________________________________________
> nginx-ru mailing list
> nginx-ru@nginx.org
> http://nginx.org/mailman/listinfo/nginx-ru
>
>
_______________________________________________
nginx-ru mailing list
nginx-ru@nginx.org
http://nginx.org/mailman/listinfo/nginx-ru