nginx ÏÞÁ÷ÎÊÌâ¿Éͨ¹ýÒÔÏÂÒªÁì½â¾ö£ºÊ¹Óà ngx_http_limit_req_module ÏÞÖÆÇëÇó´ÎÊý£»Ê¹Óà ngx_http_limit_conn_module ÏÞÖÆÅþÁ¬Êý£»Ê¹ÓõÚÈý·½Ä
£¿é£¨ngx_http_limit_connections_module¡¢ngx_http_limit_rate_module¡¢ngx_http_access_module£©ÊµÏÖ¸ü¶àÏÞÁ÷Õ½ÂÔ£»Ê¹ÓÃÔÆЧÀÍ£¨cloudflare¡¢google cloud rate limiting¡¢aws waf£©¾ÙÐÐ dd

Nginx ÏÞÁ÷½â¾ö¼Æ»®

ÎÊÌ⣺ÔõÑù½â¾ö Nginx ÏÞÁ÷ÎÊÌâ
£¿

½â¾ö¼Æ»®£º

1. ʹÓÃngx_http_limit_req_moduleÄ
£¿é

# ÏÞÖÆÿ¸ö¿Í»§¶ËÿÃëµÄÇëÇó´ÎÊý
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

# Ó¦ÓÃÏÞÁ÷¹æÔò
server {
    # ...
    location / {
        limit_req zone=one;
    }
}

µÇ¼ºó¸´ÖÆ

2. ʹÓà ngx_http_limit_conn_moduleÄ
£¿é

# ÏÞÖÆÿ¸ö¿Í»§¶ËµÄͬʱÅþÁ¬Êý
limit_conn_zone $binary_remote_addr zone=one:10m;

# Ó¦ÓÃÏÞÁ÷¹æÔò
server {
    # ...
    location / {
        limit_conn zone=one;
    }
}

µÇ¼ºó¸´ÖÆ

3. ʹÓõÚÈý·½Ä
£¿é

ngx_http_limit_connections_module: ÏÞÖÆÿ¸ö¿Í»§¶ËµÄ×ÜÅþÁ¬Êý

ngx_http_limit_rate_module: ÏÞÖÆÿ¸ö¿Í»§¶ËµÄÇëÇóËÙÂÊ

ngx_http_access_module: ƾ֤¿Í»§¶Ë IP »òÆäËûÌõ¼þ¾Ü¾øÇëÇó

4. ʹÓÃÔÆЧÀÍ

Cloudflare: Ìṩ DDoS ·À»¤ºÍÏÞÁ÷ЧÀÍ

Google Cloud Rate Limiting: Ìṩ»ùÓÚÉí·ÝÑéÖ¤µÄ API ÏÞÁ÷

AWS WAF: Ìṩ»ùÓÚÇøÓòºÍËÙÂ浀 Web Ó¦ÓóÌÐò·À»ðǽ

5. ´úÂë²ãÏÞÁ÷

ÔÚÓ¦ÓóÌÐò´úÂëÖÐʵÑé×Ô¼ºµÄÏÞÁ÷»úÖÆ£¬ÀýÈçʹÓÃÁîÅÆÍ°Ëã·¨»ò»¬¶¯´°¿Ú¡£

×¢ÖØ£º

Ñ¡ÔñÊʵ±µÄÏÞÁ÷ÒªÁìÈ¡¾öÓÚÓ¦ÓóÌÐòµÄÐèÇóºÍÁ÷Á¿Ä£Ê½¡£

×Ðϸµ÷½âÏÞÁ÷²ÎÊýÒÔ×èÖ¹Îó¾ÜºÍÐÔÄÜÎÊÌâ¡£

¼à¿ØÏÞÁ÷Ô˶¯ÒÔÈ·±£ÓÐÓÃÐÔºÍʵʱµ÷½â¡£

ÒÔÉϾÍÊÇnginxÏÞÁ÷Ôõô½â¾öµÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡