Mercurial > hg > nginx-site

view xml/en/docs/http/ngx_http_limit_conn_module.xml @ 2013:469aebbd94d0

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Limit_req/limit_conn may return not only 503 on failure.
author Ruslan Ermilov <ru@nginx.com>
date Tue, 08 Aug 2017 09:23:25 +0300
parents 6c96a644b0b3
children 4931a7ba6a32
line wrap: on
line source

<?xml version="1.0"?>

<!--
  Copyright (C) Igor Sysoev
  Copyright (C) Nginx, Inc.
  -->

<!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">

<module name="Module ngx_http_limit_conn_module"
        link="/en/docs/http/ngx_http_limit_conn_module.html"
        lang="en"
        rev="10">

<section id="summary">

<para>
The <literal>ngx_http_limit_conn_module</literal> module is used to
limit the number of connections per the defined key, in
particular, the number of connections from a single IP address.
</para>

<para>
Not all connections are counted.
A connection is counted only if it has a request processed by the server
and the whole request header has already been read.
</para>

</section>


<section id="example" name="Example Configuration">

<para>
<example>
http {
    limit_conn_zone $binary_remote_addr zone=addr:10m;

    ...

    server {

        ...

        location /download/ {
            limit_conn addr 1;
        }
</example>
</para>

</section>


<section id="directives" name="Directives">

<directive name="limit_conn">
<syntax><value>zone</value> <value>number</value></syntax>
<default/>
<context>http</context>
<context>server</context>
<context>location</context>

<para>
Sets the shared memory zone
and the maximum allowed number of connections for a given key value.
When this limit is exceeded, the server will return the
<link id="limit_conn_status">error</link>
in reply to a request.
For example, the directives
<example>
limit_conn_zone $binary_remote_addr zone=addr:10m;

server {
    location /download/ {
        limit_conn addr 1;
    }
</example>
allow only one connection per an IP address at a time.
<note>
In HTTP/2 and SPDY, each concurrent request is considered a separate connection.
</note>
</para>

<para>
There could be several <literal>limit_conn</literal> directives.
For example, the following configuration will limit the number
of connections to the server per a client IP and, at the same time,
the total number of connections to the virtual server:
<example>
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;

server {
    ...
    limit_conn perip 10;
    limit_conn perserver 100;
}
</example>

</para>

<para>
These directives are inherited from the previous level if and
only if there are no
<literal>limit_conn</literal>
directives on the current level.
</para>

</directive>


<directive name="limit_conn_log_level">
<syntax>
<literal>info</literal> |
<literal>notice</literal> |
<literal>warn</literal> |
<literal>error</literal></syntax>
<default>error</default>
<context>http</context>
<context>server</context>
<context>location</context>
<appeared-in>0.8.18</appeared-in>

<para>
Sets the desired logging level for cases when the server
limits the number of connections.
</para>

</directive>


<directive name="limit_conn_status">
<syntax><value>code</value></syntax>
<default>503</default>
<context>http</context>
<context>server</context>
<context>location</context>
<appeared-in>1.3.15</appeared-in>

<para>
Sets the status code to return in response to rejected requests.
</para>

</directive>


<directive name="limit_conn_zone">
<syntax>
    <value>key</value>
    <literal>zone</literal>=<value>name</value>:<value>size</value></syntax>
<default/>
<context>http</context>

<para>
Sets parameters for a shared memory zone
that will keep states for various keys.
In particular, the state includes the current number of connections.
The <value>key</value> can contain text, variables, and their combination.
Requests with an empty key value are not accounted.
<note>
Prior to version 1.7.6, a <value>key</value> could contain exactly one variable.
</note>
Usage example:
<example>
limit_conn_zone $binary_remote_addr zone=addr:10m;
</example>
Here, a client IP address serves as a key.
Note that instead of <var>$remote_addr</var>, the
<var>$binary_remote_addr</var> variable is used here.
The <var>$remote_addr</var> variable’s size can
vary from 7 to 15 bytes.
The stored state occupies either
32 or 64 bytes of memory on 32-bit platforms and always 64
bytes on 64-bit platforms.
The <var>$binary_remote_addr</var> variable’s size
is always 4 bytes for IPv4 addresses or 16 bytes for IPv6 addresses.
The stored state always occupies 32 or 64 bytes
on 32-bit platforms and 64 bytes on 64-bit platforms.
One megabyte zone can keep about 32 thousand 32-byte states
or about 16 thousand 64-byte states.
If the zone storage is exhausted, the server will return the
<link id="limit_conn_status">error</link>
to all further requests.
</para>

</directive>


<directive name="limit_zone">
<syntax>
    <value>name</value>
    <value>$variable</value>
    <value>size</value></syntax>
<default/>
<context>http</context>

<para>
This directive was made obsolete in version 1.1.8
and was removed in version 1.7.6.
An equivalent <link id="limit_conn_zone"/> directive
with a changed syntax should be used instead:
<note>
<literal>limit_conn_zone</literal>
<value>$variable</value>
<literal>zone</literal>=<value>name</value>:<value>size</value>;
</note>
</para>

</directive>

</section>

</module>