nginxÏÞÁ÷Ôõô½â¾ö
nginx ÏÞÁ÷ÎÊÌâ¿Éͨ¹ýÒÔÏÂÒªÁì½â¾ö£ºÊ¹Óà ngx_http_limit_req_module ÏÞÖÆÇëÇó´ÎÊý£»Ê¹Óà ngx_http_limit_conn_module ÏÞÖÆÅþÁ¬Êý£»Ê¹ÓõÚÈý·½Ä£¿é£¨ngx_http_limit_connections_module¡¢ngx_http_limit_rate_module¡¢ngx_http_access_module£©ÊµÏÖ¸ü¶àÏÞÁ÷Õ½ÂÔ£»Ê¹ÓÃÔÆЧÀÍ£¨cloudflare¡¢google cloud rate limiting¡¢aws waf£©¾ÙÐÐ dd
Nginx ÏÞÁ÷½â¾ö¼Æ»®
ÎÊÌ⣺ÔõÑù½â¾ö Nginx ÏÞÁ÷ÎÊÌ⣿
½â¾ö¼Æ»®£º
1. ʹÓÃngx_http_limit_req_moduleÄ£¿é
# ÏÞÖÆÿ¸ö¿Í»§¶ËÿÃëµÄÇëÇó´ÎÊý limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; # Ó¦ÓÃÏÞÁ÷¹æÔò server { # ... location / { limit_req zone=one; } }
µÇ¼ºó¸´ÖÆ
2. ʹÓà ngx_http_limit_conn_moduleÄ£¿é
# ÏÞÖÆÿ¸ö¿Í»§¶ËµÄͬʱÅþÁ¬Êý limit_conn_zone $binary_remote_addr zone=one:10m; # Ó¦ÓÃÏÞÁ÷¹æÔò server { # ... location / { limit_conn zone=one; } }
µÇ¼ºó¸´ÖÆ
3. ʹÓõÚÈý·½Ä£¿é
ngx_http_limit_connections_module: ÏÞÖÆÿ¸ö¿Í»§¶ËµÄ×ÜÅþÁ¬Êý
ngx_http_limit_rate_module: ÏÞÖÆÿ¸ö¿Í»§¶ËµÄÇëÇóËÙÂÊ
ngx_http_access_module: ƾ֤¿Í»§¶Ë IP »òÆäËûÌõ¼þ¾Ü¾øÇëÇó
4. ʹÓÃÔÆЧÀÍ
Cloudflare: Ìṩ DDoS ·À»¤ºÍÏÞÁ÷ЧÀÍ
Google Cloud Rate Limiting: Ìṩ»ùÓÚÉí·ÝÑéÖ¤µÄ API ÏÞÁ÷
AWS WAF: Ìṩ»ùÓÚÇøÓòºÍËÙÂ浀 Web Ó¦ÓóÌÐò·À»ðǽ
5. ´úÂë²ãÏÞÁ÷
ÔÚÓ¦ÓóÌÐò´úÂëÖÐʵÑé×Ô¼ºµÄÏÞÁ÷»úÖÆ£¬ÀýÈçʹÓÃÁîÅÆÍ°Ëã·¨»ò»¬¶¯´°¿Ú¡£
×¢ÖØ£º
Ñ¡ÔñÊʵ±µÄÏÞÁ÷ÒªÁìÈ¡¾öÓÚÓ¦ÓóÌÐòµÄÐèÇóºÍÁ÷Á¿Ä£Ê½¡£
×Ðϸµ÷½âÏÞÁ÷²ÎÊýÒÔ×èÖ¹Îó¾ÜºÍÐÔÄÜÎÊÌâ¡£
¼à¿ØÏÞÁ÷Ô˶¯ÒÔÈ·±£ÓÐÓÃÐÔºÍʵʱµ÷½â¡£
ÒÔÉϾÍÊÇnginxÏÞÁ÷Ôõô½â¾öµÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡