兩種辦法
完整配置示例:
## 具體伺服器配置
http{
# Build the rate-limit key $limit from the X-Forwarded-For request header:
# an empty header falls back to $remote_addr; otherwise the regex captures the
# left-most run of digits and dots (an IPv4-looking first entry).
# NOTE(review): X-Forwarded-For is whatever the client sent unless a trusted
# proxy in front of nginx rewrites it, so this key is client-chosen. A client
# can vary it to land in a new bucket on every request, or reuse someone
# else's address and consume that bucket.
# NOTE(review): the map has no "default" entry, so a header value that matches
# neither line (for example an IPv6 address) yields an empty $limit, and nginx
# does not account requests whose zone key is empty.
# Safer pattern: let the realip module rewrite $remote_addr
# (set_real_ip_from for the CDN ranges only, real_ip_header X-Forwarded-For,
# real_ip_recursive on) and key the zones on $binary_remote_addr.
map $http_x_forwarded_for $limit {
"" $remote_addr;
~^(?P<firstAddr>[0-9\.]+),?.*$ $firstAddr;
}
# Disabled alternative: derive $limit from a whitelist flag. $white_ip and
# $clientRealIp are not defined anywhere in this listing.
# map $white_ip $limit {
# 1 $clientRealIp;
# 0 "";
# }
# Shared-memory zone "tlcy_com" (10 MB), 5 requests per second per $limit value.
limit_req_zone $limit zone=tlcy_com:10m rate=5r/s;
# Rejected requests are logged at "info". If error_log stays at a stricter
# level (its default is "error"), these entries are not written, so raise the
# error_log level or this level if rejections should be visible for monitoring.
limit_req_log_level info;
# Shared-memory zone "addr" (10 MB) tracking concurrent connections per $limit value.
limit_conn_zone $limit zone=addr:10m;
# Same visibility caveat as limit_req_log_level above.
limit_conn_log_level info;
# Virtual host for www.hzcsky.com on port 80; proxies to the upstream "tlcy",
# which is not defined in this listing.
server
{
listen 80;
server_name www.hzcsky.com;
# Reject requests whose User-Agent matches a few known crawler/tool names
# (case-insensitive). User-Agent is set by the client, so this only filters
# tools that identify themselves honestly; it is not an access control.
if ($http_user_agent ~* LWP::Simple|BBBike|wget|Sosospider|YodaoBot) {
return 403;
}
## root /data/www/;
## index hou.txt;
location /mp4/
{
# Only GET, HEAD and POST are accepted here; 444 is the nginx-specific code
# that closes the connection without sending a response.
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 444;
}
# NOTE(review): the closing brace of "location /mp4/" is missing from this
# listing, presumably lost when the page was extracted. As written,
# "location /" would be nested inside "/mp4/"; restore the brace before use.
location / {
# NOTE(review): this "if" has an empty body, so non-GET/HEAD methods are not
# rejected. A "return 444;" as in the /mp4/ block was presumably intended.
if ($request_method !~ ^(GET|HEAD)$ ) {
}
# Retry the next upstream server on 502/504 responses, connection errors,
# timeouts and invalid response headers.
proxy_next_upstream http_502 http_504 error timeout invalid_header;
proxy_pass http://tlcy;
# Do not rewrite Location/Refresh headers returned by the upstream.
proxy_redirect off;
proxy_set_header Host $host;
# X-Real-IP carries the address of the peer connected to nginx.
proxy_set_header X-Real-IP $remote_addr;
# Appends $remote_addr to the X-Forwarded-For value received from the client.
# Only the entry nginx appends is trustworthy; the backend should not trust
# the left-most entries.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# No effect on its own: "allow all" only matters when paired with deny rules.
allow all;
}
## 最多 5 個排隊(burst=5)。由于每秒處理 10 個請求 + 5 個排隊,你一秒最多發送 15 個請求過來,
## 再多就直接傳回 503 錯誤給你了。
## 注意:上面 limit_req_zone 實際設定的是 rate=5r/s,與這裡所說的每秒 10 個不一致,請以實際配置的速率為準。
# Apply the request-rate zone "tlcy_com": up to 5 requests above the zone rate
# are served immediately (nodelay); anything beyond that is rejected, with
# status 503 unless limit_req_status is set.
limit_req zone=tlcy_com burst=5 nodelay;
# At most 10 concurrent connections per key of the "addr" zone.
limit_conn addr 10;
# Hotlink protection for image/flash files: requests with no Referer ("none"),
# with a Referer stripped by a proxy or firewall ("blocked"), or with a Referer
# naming www.hzcsky.com are accepted.
# Referer is supplied by the client, so this deters casual hotlinking only; it
# is not an authorization check.
location ~* \.(gif|jpg|png|swf|flv)$ {
valid_referers none blocked www.hzcsky.com ;
if ($invalid_referer) {
# The replacement is an absolute URL, so nginx answers with a redirect to the
# 403 page instead of serving the file.
rewrite ^/ http://www.hzcsky.com/403.html;
#return 404;
# NOTE(review): the closing braces for this "if", the location, the server and
# the http block are missing from this listing; restore them before use.
2. nginx 看到的用戶端位址是 CDN 節點位址時:向 CDN 那邊取得 CDN 節點 IP,設定白名單
http {
# Classify the connecting address (geo uses $remote_addr by default):
# 1 = subject to limiting (default), 0 = whitelisted.
# NOTE(review): 121.207.242.0/24 is presumably the CDN node range; confirm it
# against the CDN provider's published list and keep it current.
# Whitelisted sources are exempt from the limit entirely, so traffic that
# reaches nginx through those nodes is not limited per end client here. To
# limit per real client behind the CDN, restore the client address with the
# realip module (set_real_ip_from for these ranges) instead of exempting them.
geo $whiteiplist {
default 1;
127.0.0.1 0;
10.0.0.0/8 0;
121.207.242.0/24 0;
}
# Non-whitelisted clients are keyed by $binary_remote_addr; whitelisted ones
# get an empty key, which nginx does not account in the zone.
map $whiteiplist $limit {
1 $binary_remote_addr;
0 "";
# NOTE(review): the closing brace of this map block is missing from the listing.
# Shared-memory zone "limit" (10 MB) for concurrent connections per $limit key.
limit_conn_zone $limit zone=limit:10m;
# Download host on port 8080 with per-client connection and bandwidth limits.
server {
listen 8080;
server_name test.ttlsa.com;
# "^~" makes this prefix match take precedence over regex locations.
location ^~ /ttlsa.com/ {
# At most 4 concurrent connections per key of the "limit" zone.
limit_conn limit 4;
# Bandwidth cap applies per connection, so a client using all 4 connections
# can reach roughly 4 x 200k.
limit_rate 200k;
# Both the location prefix and the alias path end with "/", so the two are
# replaced one for one when the file path is built.
alias /data/www.ttlsa.com/data/download/;
}
# NOTE(review): the closing braces of the server and http blocks are missing
# from this listing.
本文轉自 liqius 51CTO部落格,原文連結:http://blog.51cto.com/szgb17/1641947,如需轉載請自行聯系原作者