I have a server with multiple virtual hosts, that is, multiple websites running. I want to set request limits, using "limit_req_zone" and "limit_req".
I've already got it to work, I've read all the documentation and I think I can say that I understand pretty much the basics. However I need to clarify a couple of doubts.
In every example I found on the web, the requests limits are applied in the following way:
http {
[...]
limit_req_zone $binary_remote_addr zone=myzone:10m rate=5r/s;
server {
listen 80;
server_name mysite.com;
limit_req zone=myzone burst=5 nodelay;
}
}
In my case, as I mentioned, I have multiple websites, so my first attempt was to do this:
http {
[...]
limit_req_zone $binary_remote_addr zone=myzone:10m rate=5r/s;
server {
listen 80;
server_name mysite1.com;
limit_req zone=myzone burst=5 nodelay;
}
server {
listen 80;
server_name mysite2.com;
limit_req zone=myzone burst=5 nodelay;
}
}
As you can see, there are two virtual hosts that uses the same shared memory zone called "myzone".
However, in this scenario, I noticed that the rate limit is applied across every virtual host. In other words: if a visitor is browsing mysite1.com and mysite2.com, his requests are sumed and the total is compared to de 5r/s limit.
I don't like that, because I'm running multiple websites, and it's highly possible that one visitor is browsing several of those sites at the same time.
So, I want to apply a 5r/s limit for every client in every virtual host. Does it mean that I have to declare ashared memory zone for **every virtual host**? Is that ok? Is it a common practice? I couldn't find an example on the web about this.
This is how I would do it, and I would like some comments about if it's ok:
http {
[...]
server {
listen 80;
server_name mysite1.com;
limit_req_zone $binary_remote_addr zone=zonemysite1:10m rate=5r/s;
limit_req myzone=zonemysite1 burst=5 nodelay;
}
server {
listen 80;
server_name mysite2.com;
limit_req_zone $binary_remote_addr zone=zonemysite2:10m rate=5r/s;
limit_req myzone=zonemysite2 burst=5 nodelay;
}
}
Is that ok? If that's ok, would I have to do the same with limit_conn_zone? Thanks in advance
I've already got it to work, I've read all the documentation and I think I can say that I understand pretty much the basics. However I need to clarify a couple of doubts.
In every example I found on the web, the requests limits are applied in the following way:
http {
[...]
limit_req_zone $binary_remote_addr zone=myzone:10m rate=5r/s;
server {
listen 80;
server_name mysite.com;
limit_req zone=myzone burst=5 nodelay;
}
}
In my case, as I mentioned, I have multiple websites, so my first attempt was to do this:
http {
[...]
limit_req_zone $binary_remote_addr zone=myzone:10m rate=5r/s;
server {
listen 80;
server_name mysite1.com;
limit_req zone=myzone burst=5 nodelay;
}
server {
listen 80;
server_name mysite2.com;
limit_req zone=myzone burst=5 nodelay;
}
}
As you can see, there are two virtual hosts that uses the same shared memory zone called "myzone".
However, in this scenario, I noticed that the rate limit is applied across every virtual host. In other words: if a visitor is browsing mysite1.com and mysite2.com, his requests are sumed and the total is compared to de 5r/s limit.
I don't like that, because I'm running multiple websites, and it's highly possible that one visitor is browsing several of those sites at the same time.
So, I want to apply a 5r/s limit for every client in every virtual host. Does it mean that I have to declare ashared memory zone for **every virtual host**? Is that ok? Is it a common practice? I couldn't find an example on the web about this.
This is how I would do it, and I would like some comments about if it's ok:
http {
[...]
server {
listen 80;
server_name mysite1.com;
limit_req_zone $binary_remote_addr zone=zonemysite1:10m rate=5r/s;
limit_req myzone=zonemysite1 burst=5 nodelay;
}
server {
listen 80;
server_name mysite2.com;
limit_req_zone $binary_remote_addr zone=zonemysite2:10m rate=5r/s;
limit_req myzone=zonemysite2 burst=5 nodelay;
}
}
Is that ok? If that's ok, would I have to do the same with limit_conn_zone? Thanks in advance