416
|
1
|
|
2 /*
|
|
3 * Copyright (C) Igor Sysoev
|
644
|
4 * Copyright (C) Nginx, Inc.
|
416
|
5 */
|
|
6
|
|
7
|
|
8 #include <ngx_config.h>
|
|
9 #include <ngx_core.h>
|
|
10 #include <ngx_http.h>
|
|
11
|
|
12
|
|
13 typedef struct {
|
480
|
14 u_char color;
|
|
15 u_char dummy;
|
|
16 u_short len;
|
|
17 ngx_queue_t queue;
|
|
18 ngx_msec_t last;
|
|
19 /* integer value, 1 corresponds to 0.001 r/s */
|
|
20 ngx_uint_t excess;
|
|
21 u_char data[1];
|
416
|
22 } ngx_http_limit_req_node_t;
|
|
23
|
|
24
|
|
25 typedef struct {
|
480
|
26 ngx_rbtree_t rbtree;
|
|
27 ngx_rbtree_node_t sentinel;
|
|
28 ngx_queue_t queue;
|
|
29 } ngx_http_limit_req_shctx_t;
|
|
30
|
|
31
|
|
32 typedef struct {
|
|
33 ngx_http_limit_req_shctx_t *sh;
|
|
34 ngx_slab_pool_t *shpool;
|
|
35 /* integer value, 1 corresponds to 0.001 r/s */
|
|
36 ngx_uint_t rate;
|
|
37 ngx_int_t index;
|
|
38 ngx_str_t var;
|
416
|
39 } ngx_http_limit_req_ctx_t;
|
|
40
|
|
41
|
|
42 typedef struct {
|
480
|
43 ngx_shm_zone_t *shm_zone;
|
|
44 /* integer value, 1 corresponds to 0.001 r/s */
|
|
45 ngx_uint_t burst;
|
532
|
46 ngx_uint_t limit_log_level;
|
|
47 ngx_uint_t delay_log_level;
|
|
48
|
|
49 ngx_uint_t nodelay; /* unsigned nodelay:1 */
|
416
|
50 } ngx_http_limit_req_conf_t;
|
|
51
|
|
52
|
|
53 static void ngx_http_limit_req_delay(ngx_http_request_t *r);
|
426
|
54 static ngx_int_t ngx_http_limit_req_lookup(ngx_http_limit_req_conf_t *lrcf,
|
602
|
55 ngx_uint_t hash, u_char *data, size_t len, ngx_uint_t *ep);
|
416
|
56 static void ngx_http_limit_req_expire(ngx_http_limit_req_ctx_t *ctx,
|
|
57 ngx_uint_t n);
|
|
58
|
|
59 static void *ngx_http_limit_req_create_conf(ngx_conf_t *cf);
|
|
60 static char *ngx_http_limit_req_merge_conf(ngx_conf_t *cf, void *parent,
|
|
61 void *child);
|
|
62 static char *ngx_http_limit_req_zone(ngx_conf_t *cf, ngx_command_t *cmd,
|
|
63 void *conf);
|
|
64 static char *ngx_http_limit_req(ngx_conf_t *cf, ngx_command_t *cmd,
|
|
65 void *conf);
|
|
66 static ngx_int_t ngx_http_limit_req_init(ngx_conf_t *cf);
|
|
67
|
|
68
|
532
|
69 static ngx_conf_enum_t ngx_http_limit_req_log_levels[] = {
|
|
70 { ngx_string("info"), NGX_LOG_INFO },
|
|
71 { ngx_string("notice"), NGX_LOG_NOTICE },
|
|
72 { ngx_string("warn"), NGX_LOG_WARN },
|
|
73 { ngx_string("error"), NGX_LOG_ERR },
|
|
74 { ngx_null_string, 0 }
|
|
75 };
|
|
76
|
|
77
|
416
|
78 static ngx_command_t ngx_http_limit_req_commands[] = {
|
|
79
|
|
80 { ngx_string("limit_req_zone"),
|
|
81 NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE3,
|
|
82 ngx_http_limit_req_zone,
|
|
83 0,
|
|
84 0,
|
|
85 NULL },
|
|
86
|
|
87 { ngx_string("limit_req"),
|
|
88 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE123,
|
|
89 ngx_http_limit_req,
|
|
90 NGX_HTTP_LOC_CONF_OFFSET,
|
|
91 0,
|
|
92 NULL },
|
|
93
|
532
|
94 { ngx_string("limit_req_log_level"),
|
|
95 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
|
|
96 ngx_conf_set_enum_slot,
|
|
97 NGX_HTTP_LOC_CONF_OFFSET,
|
|
98 offsetof(ngx_http_limit_req_conf_t, limit_log_level),
|
|
99 &ngx_http_limit_req_log_levels },
|
|
100
|
416
|
101 ngx_null_command
|
|
102 };
|
|
103
|
|
104
|
|
105 static ngx_http_module_t ngx_http_limit_req_module_ctx = {
|
|
106 NULL, /* preconfiguration */
|
|
107 ngx_http_limit_req_init, /* postconfiguration */
|
|
108
|
|
109 NULL, /* create main configuration */
|
|
110 NULL, /* init main configuration */
|
|
111
|
|
112 NULL, /* create server configuration */
|
|
113 NULL, /* merge server configuration */
|
|
114
|
646
|
115 ngx_http_limit_req_create_conf, /* create location configuration */
|
|
116 ngx_http_limit_req_merge_conf /* merge location configuration */
|
416
|
117 };
|
|
118
|
|
119
|
|
120 ngx_module_t ngx_http_limit_req_module = {
|
|
121 NGX_MODULE_V1,
|
|
122 &ngx_http_limit_req_module_ctx, /* module context */
|
|
123 ngx_http_limit_req_commands, /* module directives */
|
|
124 NGX_HTTP_MODULE, /* module type */
|
|
125 NULL, /* init master */
|
|
126 NULL, /* init module */
|
|
127 NULL, /* init process */
|
|
128 NULL, /* init thread */
|
|
129 NULL, /* exit thread */
|
|
130 NULL, /* exit process */
|
|
131 NULL, /* exit master */
|
|
132 NGX_MODULE_V1_PADDING
|
|
133 };
|
|
134
|
|
135
|
|
136 static ngx_int_t
|
|
137 ngx_http_limit_req_handler(ngx_http_request_t *r)
|
|
138 {
|
|
139 size_t len, n;
|
|
140 uint32_t hash;
|
|
141 ngx_int_t rc;
|
420
|
142 ngx_uint_t excess;
|
416
|
143 ngx_time_t *tp;
|
|
144 ngx_rbtree_node_t *node;
|
|
145 ngx_http_variable_value_t *vv;
|
|
146 ngx_http_limit_req_ctx_t *ctx;
|
426
|
147 ngx_http_limit_req_node_t *lr;
|
|
148 ngx_http_limit_req_conf_t *lrcf;
|
416
|
149
|
|
150 if (r->main->limit_req_set) {
|
|
151 return NGX_DECLINED;
|
|
152 }
|
|
153
|
426
|
154 lrcf = ngx_http_get_module_loc_conf(r, ngx_http_limit_req_module);
|
416
|
155
|
426
|
156 if (lrcf->shm_zone == NULL) {
|
416
|
157 return NGX_DECLINED;
|
|
158 }
|
|
159
|
426
|
160 ctx = lrcf->shm_zone->data;
|
416
|
161
|
|
162 vv = ngx_http_get_indexed_variable(r, ctx->index);
|
|
163
|
|
164 if (vv == NULL || vv->not_found) {
|
|
165 return NGX_DECLINED;
|
|
166 }
|
|
167
|
|
168 len = vv->len;
|
|
169
|
|
170 if (len == 0) {
|
|
171 return NGX_DECLINED;
|
|
172 }
|
|
173
|
|
174 if (len > 65535) {
|
|
175 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
|
|
176 "the value of the \"%V\" variable "
|
|
177 "is more than 65535 bytes: \"%v\"",
|
|
178 &ctx->var, vv);
|
|
179 return NGX_DECLINED;
|
|
180 }
|
|
181
|
|
182 r->main->limit_req_set = 1;
|
|
183
|
|
184 hash = ngx_crc32_short(vv->data, len);
|
|
185
|
|
186 ngx_shmtx_lock(&ctx->shpool->mutex);
|
|
187
|
|
188 ngx_http_limit_req_expire(ctx, 1);
|
|
189
|
602
|
190 rc = ngx_http_limit_req_lookup(lrcf, hash, vv->data, len, &excess);
|
416
|
191
|
420
|
192 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
|
506
|
193 "limit_req: %i %ui.%03ui", rc, excess / 1000, excess % 1000);
|
416
|
194
|
602
|
195 if (rc == NGX_DECLINED) {
|
|
196
|
|
197 n = offsetof(ngx_rbtree_node_t, color)
|
|
198 + offsetof(ngx_http_limit_req_node_t, data)
|
|
199 + len;
|
|
200
|
|
201 node = ngx_slab_alloc_locked(ctx->shpool, n);
|
|
202 if (node == NULL) {
|
|
203
|
|
204 ngx_http_limit_req_expire(ctx, 0);
|
|
205
|
|
206 node = ngx_slab_alloc_locked(ctx->shpool, n);
|
|
207 if (node == NULL) {
|
|
208 ngx_shmtx_unlock(&ctx->shpool->mutex);
|
|
209 return NGX_HTTP_SERVICE_UNAVAILABLE;
|
|
210 }
|
|
211 }
|
|
212
|
|
213 lr = (ngx_http_limit_req_node_t *) &node->color;
|
|
214
|
|
215 node->key = hash;
|
|
216 lr->len = (u_char) len;
|
|
217
|
|
218 tp = ngx_timeofday();
|
|
219 lr->last = (ngx_msec_t) (tp->sec * 1000 + tp->msec);
|
|
220
|
|
221 lr->excess = 0;
|
|
222 ngx_memcpy(lr->data, vv->data, len);
|
|
223
|
|
224 ngx_rbtree_insert(&ctx->sh->rbtree, node);
|
|
225
|
|
226 ngx_queue_insert_head(&ctx->sh->queue, &lr->queue);
|
|
227
|
416
|
228 ngx_shmtx_unlock(&ctx->shpool->mutex);
|
|
229
|
602
|
230 return NGX_DECLINED;
|
|
231 }
|
|
232
|
|
233 ngx_shmtx_unlock(&ctx->shpool->mutex);
|
|
234
|
|
235 if (rc == NGX_OK) {
|
|
236 return NGX_DECLINED;
|
|
237 }
|
|
238
|
|
239 if (rc == NGX_BUSY) {
|
532
|
240 ngx_log_error(lrcf->limit_log_level, r->connection->log, 0,
|
426
|
241 "limiting requests, excess: %ui.%03ui by zone \"%V\"",
|
480
|
242 excess / 1000, excess % 1000, &lrcf->shm_zone->shm.name);
|
416
|
243
|
|
244 return NGX_HTTP_SERVICE_UNAVAILABLE;
|
|
245 }
|
|
246
|
602
|
247 /* rc == NGX_AGAIN */
|
418
|
248
|
602
|
249 if (lrcf->nodelay) {
|
|
250 return NGX_DECLINED;
|
416
|
251 }
|
|
252
|
602
|
253 ngx_log_error(lrcf->delay_log_level, r->connection->log, 0,
|
|
254 "delaying request, excess: %ui.%03ui, by zone \"%V\"",
|
|
255 excess / 1000, excess % 1000, &lrcf->shm_zone->shm.name);
|
416
|
256
|
602
|
257 if (ngx_handle_read_event(r->connection->read, 0) != NGX_OK) {
|
|
258 return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
416
|
259 }
|
|
260
|
602
|
261 r->read_event_handler = ngx_http_test_reading;
|
|
262 r->write_event_handler = ngx_http_limit_req_delay;
|
|
263 ngx_add_timer(r->connection->write,
|
|
264 (ngx_msec_t) excess * 1000 / ctx->rate);
|
416
|
265
|
602
|
266 return NGX_AGAIN;
|
416
|
267 }
|
|
268
|
|
269
|
|
270 static void
|
|
271 ngx_http_limit_req_delay(ngx_http_request_t *r)
|
|
272 {
|
506
|
273 ngx_event_t *wev;
|
|
274
|
416
|
275 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
|
506
|
276 "limit_req delay");
|
|
277
|
|
278 wev = r->connection->write;
|
|
279
|
|
280 if (!wev->timedout) {
|
|
281
|
|
282 if (ngx_handle_write_event(wev, 0) != NGX_OK) {
|
|
283 ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
|
|
284 }
|
|
285
|
|
286 return;
|
|
287 }
|
|
288
|
|
289 wev->timedout = 0;
|
416
|
290
|
|
291 if (ngx_handle_read_event(r->connection->read, 0) != NGX_OK) {
|
|
292 ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
|
|
293 return;
|
|
294 }
|
|
295
|
|
296 r->read_event_handler = ngx_http_block_reading;
|
|
297 r->write_event_handler = ngx_http_core_run_phases;
|
|
298
|
|
299 ngx_http_core_run_phases(r);
|
|
300 }
|
|
301
|
|
302
|
|
303 static void
|
|
304 ngx_http_limit_req_rbtree_insert_value(ngx_rbtree_node_t *temp,
|
|
305 ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel)
|
|
306 {
|
|
307 ngx_rbtree_node_t **p;
|
426
|
308 ngx_http_limit_req_node_t *lrn, *lrnt;
|
416
|
309
|
|
310 for ( ;; ) {
|
|
311
|
|
312 if (node->key < temp->key) {
|
|
313
|
|
314 p = &temp->left;
|
|
315
|
|
316 } else if (node->key > temp->key) {
|
|
317
|
|
318 p = &temp->right;
|
|
319
|
|
320 } else { /* node->key == temp->key */
|
|
321
|
426
|
322 lrn = (ngx_http_limit_req_node_t *) &node->color;
|
|
323 lrnt = (ngx_http_limit_req_node_t *) &temp->color;
|
416
|
324
|
426
|
325 p = (ngx_memn2cmp(lrn->data, lrnt->data, lrn->len, lrnt->len) < 0)
|
416
|
326 ? &temp->left : &temp->right;
|
|
327 }
|
|
328
|
|
329 if (*p == sentinel) {
|
|
330 break;
|
|
331 }
|
|
332
|
|
333 temp = *p;
|
|
334 }
|
|
335
|
|
336 *p = node;
|
|
337 node->parent = temp;
|
|
338 node->left = sentinel;
|
|
339 node->right = sentinel;
|
|
340 ngx_rbt_red(node);
|
|
341 }
|
|
342
|
|
343
|
|
344 static ngx_int_t
|
426
|
345 ngx_http_limit_req_lookup(ngx_http_limit_req_conf_t *lrcf, ngx_uint_t hash,
|
602
|
346 u_char *data, size_t len, ngx_uint_t *ep)
|
416
|
347 {
|
420
|
348 ngx_int_t rc, excess;
|
416
|
349 ngx_time_t *tp;
|
|
350 ngx_msec_t now;
|
|
351 ngx_msec_int_t ms;
|
|
352 ngx_rbtree_node_t *node, *sentinel;
|
|
353 ngx_http_limit_req_ctx_t *ctx;
|
426
|
354 ngx_http_limit_req_node_t *lr;
|
416
|
355
|
426
|
356 ctx = lrcf->shm_zone->data;
|
416
|
357
|
480
|
358 node = ctx->sh->rbtree.root;
|
|
359 sentinel = ctx->sh->rbtree.sentinel;
|
416
|
360
|
|
361 while (node != sentinel) {
|
|
362
|
|
363 if (hash < node->key) {
|
|
364 node = node->left;
|
|
365 continue;
|
|
366 }
|
|
367
|
|
368 if (hash > node->key) {
|
|
369 node = node->right;
|
|
370 continue;
|
|
371 }
|
|
372
|
|
373 /* hash == node->key */
|
|
374
|
646
|
375 lr = (ngx_http_limit_req_node_t *) &node->color;
|
416
|
376
|
646
|
377 rc = ngx_memn2cmp(data, lr->data, len, (size_t) lr->len);
|
416
|
378
|
646
|
379 if (rc == 0) {
|
|
380 ngx_queue_remove(&lr->queue);
|
|
381 ngx_queue_insert_head(&ctx->sh->queue, &lr->queue);
|
416
|
382
|
646
|
383 tp = ngx_timeofday();
|
534
|
384
|
646
|
385 now = (ngx_msec_t) (tp->sec * 1000 + tp->msec);
|
|
386 ms = (ngx_msec_int_t) (now - lr->last);
|
602
|
387
|
646
|
388 excess = lr->excess - ctx->rate * ngx_abs(ms) / 1000 + 1000;
|
532
|
389
|
646
|
390 if (excess < 0) {
|
|
391 excess = 0;
|
416
|
392 }
|
|
393
|
646
|
394 *ep = excess;
|
|
395
|
|
396 if ((ngx_uint_t) excess > lrcf->burst) {
|
|
397 return NGX_BUSY;
|
|
398 }
|
|
399
|
|
400 lr->excess = excess;
|
|
401 lr->last = now;
|
416
|
402
|
646
|
403 if (excess) {
|
|
404 return NGX_AGAIN;
|
|
405 }
|
416
|
406
|
646
|
407 return NGX_OK;
|
|
408 }
|
|
409
|
|
410 node = (rc < 0) ? node->left : node->right;
|
416
|
411 }
|
|
412
|
602
|
413 *ep = 0;
|
416
|
414
|
|
415 return NGX_DECLINED;
|
|
416 }
|
|
417
|
|
418
|
|
419 static void
|
|
420 ngx_http_limit_req_expire(ngx_http_limit_req_ctx_t *ctx, ngx_uint_t n)
|
|
421 {
|
420
|
422 ngx_int_t excess;
|
416
|
423 ngx_time_t *tp;
|
|
424 ngx_msec_t now;
|
|
425 ngx_queue_t *q;
|
|
426 ngx_msec_int_t ms;
|
|
427 ngx_rbtree_node_t *node;
|
426
|
428 ngx_http_limit_req_node_t *lr;
|
416
|
429
|
|
430 tp = ngx_timeofday();
|
|
431
|
|
432 now = (ngx_msec_t) (tp->sec * 1000 + tp->msec);
|
|
433
|
|
434 /*
|
|
435 * n == 1 deletes one or two zero rate entries
|
|
436 * n == 0 deletes oldest entry by force
|
|
437 * and one or two zero rate entries
|
|
438 */
|
|
439
|
|
440 while (n < 3) {
|
|
441
|
480
|
442 if (ngx_queue_empty(&ctx->sh->queue)) {
|
416
|
443 return;
|
|
444 }
|
|
445
|
480
|
446 q = ngx_queue_last(&ctx->sh->queue);
|
416
|
447
|
426
|
448 lr = ngx_queue_data(q, ngx_http_limit_req_node_t, queue);
|
416
|
449
|
|
450 if (n++ != 0) {
|
|
451
|
426
|
452 ms = (ngx_msec_int_t) (now - lr->last);
|
416
|
453 ms = ngx_abs(ms);
|
|
454
|
|
455 if (ms < 60000) {
|
|
456 return;
|
|
457 }
|
|
458
|
426
|
459 excess = lr->excess - ctx->rate * ms / 1000;
|
416
|
460
|
420
|
461 if (excess > 0) {
|
416
|
462 return;
|
|
463 }
|
|
464 }
|
|
465
|
|
466 ngx_queue_remove(q);
|
|
467
|
|
468 node = (ngx_rbtree_node_t *)
|
426
|
469 ((u_char *) lr - offsetof(ngx_rbtree_node_t, color));
|
416
|
470
|
480
|
471 ngx_rbtree_delete(&ctx->sh->rbtree, node);
|
416
|
472
|
|
473 ngx_slab_free_locked(ctx->shpool, node);
|
|
474 }
|
|
475 }
|
|
476
|
|
477
|
|
478 static ngx_int_t
|
|
479 ngx_http_limit_req_init_zone(ngx_shm_zone_t *shm_zone, void *data)
|
|
480 {
|
|
481 ngx_http_limit_req_ctx_t *octx = data;
|
|
482
|
468
|
483 size_t len;
|
416
|
484 ngx_http_limit_req_ctx_t *ctx;
|
|
485
|
|
486 ctx = shm_zone->data;
|
|
487
|
|
488 if (octx) {
|
|
489 if (ngx_strcmp(ctx->var.data, octx->var.data) != 0) {
|
|
490 ngx_log_error(NGX_LOG_EMERG, shm_zone->shm.log, 0,
|
|
491 "limit_req \"%V\" uses the \"%V\" variable "
|
|
492 "while previously it used the \"%V\" variable",
|
480
|
493 &shm_zone->shm.name, &ctx->var, &octx->var);
|
416
|
494 return NGX_ERROR;
|
|
495 }
|
|
496
|
480
|
497 ctx->sh = octx->sh;
|
416
|
498 ctx->shpool = octx->shpool;
|
|
499
|
|
500 return NGX_OK;
|
|
501 }
|
|
502
|
|
503 ctx->shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;
|
|
504
|
480
|
505 if (shm_zone->shm.exists) {
|
|
506 ctx->sh = ctx->shpool->data;
|
|
507
|
|
508 return NGX_OK;
|
416
|
509 }
|
|
510
|
480
|
511 ctx->sh = ngx_slab_alloc(ctx->shpool, sizeof(ngx_http_limit_req_shctx_t));
|
|
512 if (ctx->sh == NULL) {
|
416
|
513 return NGX_ERROR;
|
|
514 }
|
|
515
|
480
|
516 ctx->shpool->data = ctx->sh;
|
|
517
|
|
518 ngx_rbtree_init(&ctx->sh->rbtree, &ctx->sh->sentinel,
|
416
|
519 ngx_http_limit_req_rbtree_insert_value);
|
|
520
|
480
|
521 ngx_queue_init(&ctx->sh->queue);
|
416
|
522
|
480
|
523 len = sizeof(" in limit_req zone \"\"") + shm_zone->shm.name.len;
|
468
|
524
|
|
525 ctx->shpool->log_ctx = ngx_slab_alloc(ctx->shpool, len);
|
|
526 if (ctx->shpool->log_ctx == NULL) {
|
|
527 return NGX_ERROR;
|
|
528 }
|
|
529
|
|
530 ngx_sprintf(ctx->shpool->log_ctx, " in limit_req zone \"%V\"%Z",
|
480
|
531 &shm_zone->shm.name);
|
468
|
532
|
416
|
533 return NGX_OK;
|
|
534 }
|
|
535
|
|
536
|
|
537 static void *
|
|
538 ngx_http_limit_req_create_conf(ngx_conf_t *cf)
|
|
539 {
|
|
540 ngx_http_limit_req_conf_t *conf;
|
|
541
|
|
542 conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_limit_req_conf_t));
|
|
543 if (conf == NULL) {
|
496
|
544 return NULL;
|
416
|
545 }
|
|
546
|
|
547 /*
|
|
548 * set by ngx_pcalloc():
|
|
549 *
|
|
550 * conf->shm_zone = NULL;
|
426
|
551 * conf->burst = 0;
|
418
|
552 * conf->nodelay = 0;
|
416
|
553 */
|
|
554
|
532
|
555 conf->limit_log_level = NGX_CONF_UNSET_UINT;
|
|
556
|
416
|
557 return conf;
|
|
558 }
|
|
559
|
|
560
|
|
561 static char *
|
|
562 ngx_http_limit_req_merge_conf(ngx_conf_t *cf, void *parent, void *child)
|
|
563 {
|
|
564 ngx_http_limit_req_conf_t *prev = parent;
|
|
565 ngx_http_limit_req_conf_t *conf = child;
|
|
566
|
|
567 if (conf->shm_zone == NULL) {
|
644
|
568 conf->shm_zone = prev->shm_zone;
|
|
569 conf->burst = prev->burst;
|
|
570 conf->nodelay = prev->nodelay;
|
416
|
571 }
|
|
572
|
532
|
573 ngx_conf_merge_uint_value(conf->limit_log_level, prev->limit_log_level,
|
|
574 NGX_LOG_ERR);
|
|
575
|
|
576 conf->delay_log_level = (conf->limit_log_level == NGX_LOG_INFO) ?
|
|
577 NGX_LOG_INFO : conf->limit_log_level + 1;
|
|
578
|
416
|
579 return NGX_CONF_OK;
|
|
580 }
|
|
581
|
|
582
|
|
583 static char *
|
|
584 ngx_http_limit_req_zone(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
|
585 {
|
|
586 u_char *p;
|
|
587 size_t size, len;
|
|
588 ngx_str_t *value, name, s;
|
|
589 ngx_int_t rate, scale;
|
|
590 ngx_uint_t i;
|
|
591 ngx_shm_zone_t *shm_zone;
|
|
592 ngx_http_limit_req_ctx_t *ctx;
|
|
593
|
|
594 value = cf->args->elts;
|
|
595
|
|
596 ctx = NULL;
|
|
597 size = 0;
|
|
598 rate = 1;
|
|
599 scale = 1;
|
|
600 name.len = 0;
|
|
601
|
|
602 for (i = 1; i < cf->args->nelts; i++) {
|
|
603
|
|
604 if (ngx_strncmp(value[i].data, "zone=", 5) == 0) {
|
|
605
|
|
606 name.data = value[i].data + 5;
|
|
607
|
|
608 p = (u_char *) ngx_strchr(name.data, ':');
|
|
609
|
|
610 if (p) {
|
480
|
611 *p = '\0';
|
|
612
|
416
|
613 name.len = p - name.data;
|
|
614
|
|
615 p++;
|
|
616
|
|
617 s.len = value[i].data + value[i].len - p;
|
|
618 s.data = p;
|
|
619
|
|
620 size = ngx_parse_size(&s);
|
|
621 if (size > 8191) {
|
|
622 continue;
|
|
623 }
|
|
624 }
|
|
625
|
|
626 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
|
627 "invalid zone size \"%V\"", &value[i]);
|
|
628 return NGX_CONF_ERROR;
|
|
629 }
|
|
630
|
|
631 if (ngx_strncmp(value[i].data, "rate=", 5) == 0) {
|
|
632
|
|
633 len = value[i].len;
|
|
634 p = value[i].data + len - 3;
|
|
635
|
|
636 if (ngx_strncmp(p, "r/s", 3) == 0) {
|
|
637 scale = 1;
|
|
638 len -= 3;
|
|
639
|
|
640 } else if (ngx_strncmp(p, "r/m", 3) == 0) {
|
|
641 scale = 60;
|
|
642 len -= 3;
|
|
643 }
|
|
644
|
|
645 rate = ngx_atoi(value[i].data + 5, len - 5);
|
|
646 if (rate <= NGX_ERROR) {
|
|
647 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
|
648 "invalid rate \"%V\"", &value[i]);
|
|
649 return NGX_CONF_ERROR;
|
|
650 }
|
|
651
|
|
652 continue;
|
|
653 }
|
|
654
|
|
655 if (value[i].data[0] == '$') {
|
|
656
|
|
657 value[i].len--;
|
|
658 value[i].data++;
|
|
659
|
|
660 ctx = ngx_pcalloc(cf->pool, sizeof(ngx_http_limit_req_ctx_t));
|
|
661 if (ctx == NULL) {
|
|
662 return NGX_CONF_ERROR;
|
|
663 }
|
|
664
|
|
665 ctx->index = ngx_http_get_variable_index(cf, &value[i]);
|
|
666 if (ctx->index == NGX_ERROR) {
|
|
667 return NGX_CONF_ERROR;
|
|
668 }
|
|
669
|
|
670 ctx->var = value[i];
|
|
671
|
|
672 continue;
|
|
673 }
|
|
674
|
|
675 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
|
676 "invalid parameter \"%V\"", &value[i]);
|
|
677 return NGX_CONF_ERROR;
|
|
678 }
|
|
679
|
|
680 if (name.len == 0 || size == 0) {
|
|
681 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
|
682 "\"%V\" must have \"zone\" parameter",
|
|
683 &cmd->name);
|
|
684 return NGX_CONF_ERROR;
|
|
685 }
|
|
686
|
|
687 if (ctx == NULL) {
|
|
688 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
|
689 "no variable is defined for limit_req_zone \"%V\"",
|
|
690 &cmd->name);
|
|
691 return NGX_CONF_ERROR;
|
|
692 }
|
|
693
|
420
|
694 ctx->rate = rate * 1000 / scale;
|
416
|
695
|
|
696 shm_zone = ngx_shared_memory_add(cf, &name, size,
|
|
697 &ngx_http_limit_req_module);
|
|
698 if (shm_zone == NULL) {
|
|
699 return NGX_CONF_ERROR;
|
|
700 }
|
|
701
|
|
702 if (shm_zone->data) {
|
|
703 ctx = shm_zone->data;
|
|
704
|
|
705 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
|
706 "limit_req_zone \"%V\" is already bound to variable \"%V\"",
|
|
707 &value[1], &ctx->var);
|
|
708 return NGX_CONF_ERROR;
|
|
709 }
|
|
710
|
|
711 shm_zone->init = ngx_http_limit_req_init_zone;
|
|
712 shm_zone->data = ctx;
|
|
713
|
|
714 return NGX_CONF_OK;
|
|
715 }
|
|
716
|
|
717
|
|
718 static char *
|
|
719 ngx_http_limit_req(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
|
720 {
|
426
|
721 ngx_http_limit_req_conf_t *lrcf = conf;
|
416
|
722
|
418
|
723 ngx_int_t burst;
|
|
724 ngx_str_t *value, s;
|
|
725 ngx_uint_t i;
|
416
|
726
|
426
|
727 if (lrcf->shm_zone) {
|
416
|
728 return "is duplicate";
|
|
729 }
|
|
730
|
|
731 value = cf->args->elts;
|
|
732
|
|
733 burst = 0;
|
|
734
|
|
735 for (i = 1; i < cf->args->nelts; i++) {
|
|
736
|
|
737 if (ngx_strncmp(value[i].data, "zone=", 5) == 0) {
|
|
738
|
|
739 s.len = value[i].len - 5;
|
|
740 s.data = value[i].data + 5;
|
|
741
|
426
|
742 lrcf->shm_zone = ngx_shared_memory_add(cf, &s, 0,
|
416
|
743 &ngx_http_limit_req_module);
|
426
|
744 if (lrcf->shm_zone == NULL) {
|
416
|
745 return NGX_CONF_ERROR;
|
|
746 }
|
|
747
|
|
748 continue;
|
|
749 }
|
|
750
|
|
751 if (ngx_strncmp(value[i].data, "burst=", 6) == 0) {
|
|
752
|
418
|
753 burst = ngx_atoi(value[i].data + 6, value[i].len - 6);
|
416
|
754 if (burst <= 0) {
|
|
755 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
|
756 "invalid burst rate \"%V\"", &value[i]);
|
|
757 return NGX_CONF_ERROR;
|
|
758 }
|
|
759
|
|
760 continue;
|
|
761 }
|
|
762
|
418
|
763 if (ngx_strncmp(value[i].data, "nodelay", 7) == 0) {
|
426
|
764 lrcf->nodelay = 1;
|
416
|
765 continue;
|
|
766 }
|
|
767
|
|
768 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
|
769 "invalid parameter \"%V\"", &value[i]);
|
|
770 return NGX_CONF_ERROR;
|
|
771 }
|
|
772
|
426
|
773 if (lrcf->shm_zone == NULL) {
|
416
|
774 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
|
775 "\"%V\" must have \"zone\" parameter",
|
|
776 &cmd->name);
|
|
777 return NGX_CONF_ERROR;
|
|
778 }
|
|
779
|
426
|
780 if (lrcf->shm_zone->data == NULL) {
|
416
|
781 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
|
782 "unknown limit_req_zone \"%V\"",
|
480
|
783 &lrcf->shm_zone->shm.name);
|
416
|
784 return NGX_CONF_ERROR;
|
|
785 }
|
|
786
|
426
|
787 lrcf->burst = burst * 1000;
|
416
|
788
|
|
789 return NGX_CONF_OK;
|
|
790 }
|
|
791
|
|
792
|
|
793 static ngx_int_t
|
|
794 ngx_http_limit_req_init(ngx_conf_t *cf)
|
|
795 {
|
|
796 ngx_http_handler_pt *h;
|
|
797 ngx_http_core_main_conf_t *cmcf;
|
|
798
|
|
799 cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
|
|
800
|
|
801 h = ngx_array_push(&cmcf->phases[NGX_HTTP_PREACCESS_PHASE].handlers);
|
|
802 if (h == NULL) {
|
|
803 return NGX_ERROR;
|
|
804 }
|
|
805
|
|
806 *h = ngx_http_limit_req_handler;
|
|
807
|
|
808 return NGX_OK;
|
|
809 }
|