Tengine限制連線數和白名單功能

科技小能手發表於2017-11-12

tenginx1.4.2 version

nginx.conf

  limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;

  limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=1r/s;

geo $white_ip  {

    ranges;

    default        0;

    60.126.39.182-60.126.39.184     1;

    58.112.221.179-58.112.221.190 1;

    141.130.163.153-141.130.163.154 1;

}

limit_req_whitelist geo_var_name=white_ip geo_var_value=1;

limit_req_zone $binary_remote_addr zone=white_ip:100m rate=1r/s;

include /usr/local/webserver/nginx/conf/vhosts/*.conf;

}

 

vhosts(控制下面幾個php檔案)

location   ~*^/(home|forum|portal|forum|forumdisplay|index).php$ {

 root /htdoc/bbs.123.com/wwwroot;

limit_conn conn_limit_per_ip 2;

    limit_req zone=white_ip  burst=3 nodelay;

limit_req_whitelist geo_var_name=white_ip geo_var_value=1;

 fastcgi_pass  127.0.0.1:9000;

      fastcgi_index index.php;

      include fcgi.conf;

}

 

        location ~ ^/html/ {   //控制這個目錄下面的檔案

    limit_req zone=white_ip  burst=4 nodelay;

limit_req_whitelist geo_var_name=white_ip geo_var_value=1;

}

 

 location   ~*^/(home|forum|message_check|test).php$ {     /*當前目錄下的檔案受限制*/

 root /ht/hf/old.123.com;

limit_conn conn_limit_per_ip 2;

    limit_req zone=white_ip  burst=2 nodelay;

limit_req_whitelist geo_var_name=white_ip geo_var_value=1;

 fastcgi_pass  127.0.0.1:9000;

      fastcgi_index index.php;

      include fcgi.conf;

}

location ~* ^/(chushou)/.*.php$ {       /*chushou目錄下的檔案受限制*/

limit_conn conn_limit_per_ip 2;

    limit_req zone=white_ip  burst=2 nodelay;

limit_req_whitelist geo_var_name=white_ip geo_var_value=1;

 fastcgi_pass  127.0.0.1:9000;

      fastcgi_index index.php;

      include fcgi.conf;

}

(感謝淘叔度指點)

白名單內的ip不受limit限制。

本文轉自 liang3391 51CTO部落格,原文連結:http://blog.51cto.com/liang3391/1004566


相關文章