Help about limit_req

aris · July 18, 2012, 8:20am

Hi All,
In the pass several days my server was under attack.
Someone are using WebBench to test my website, and it takes up all my
server CPU resources.
So I’m wondering to use limit_req to limit the request frequency.

I have 3 important php files – portal.php forum.php home.php, they are
in the root directory of my website, the URL like below:
XXX Sex - Free Porn Videos at XXX.com
XXX Sex - Free Porn Videos at XXX.com******

And I also created below rules for URL rewrite in NGINX:
rewrite ^([^.])/topic-(.+).html$
$1/portal.php?mod=topic&topic=$2 last;
rewrite ^([^.])/forum-(\w+)-([0-9]+).html$
$1/forum.php?mod=forumdisplay&fid=$2&page=$3 last;
rewrite ^([^.])/thread-([0-9]+)-([0-9]+)-([0-9]+).html$
$1/forum.php?mod=viewthread&tid=$2&extra=page%3D$4&page=$3 last;
rewrite ^([^.])/group-([0-9]+)-([0-9]+).html$
$1/forum.php?mod=group&fid=$2&page=$3 last;
rewrite ^([^.]*)/space-(username|uid)-(.+).html$
$1/home.php?mod=space&$2=$3 last;

For now, the problem for me is, if I put below codes in NGINX, then my
php file will stop execute.

location ~*^/(home|forum|portal).php$ {
          limit_conn   addr  3;
            limit_req zone=refresh burst=3 nodelay;
                }

And if I put the limit ( limit_req zone=refresh burst=3 nodelay;)
into below sections. It works, but user reports that sometimes they
can’t view the images.

location ~ .php$ {
fastcgi_pass unix:/tmp/nginx.socket;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME
/scripts$fastcgi_script_name;
include fastcgi_params;
}

Anyone can help me about this issue? I just want to set a limit for

some specific php files?

fhal · July 18, 2012, 2:22pm

For now, the problem for me is, if I put below codes in NGINX, then my php file
will stop execute.

A quick fix would be just nest the locations or duplicate the fastcgi
part. For example:

location ~*^/(home|forum|portal).php$ {
limit_conn addr 3;
limit_req zone=refresh burst=3 nodelay;

      fastcgi_pass   unix:/tmp/nginx.socket;
      fastcgi_index  index.php;
      fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
      include        fastcgi_params;

}

rr

fhal · July 18, 2012, 6:33pm

Thanks Reinis.

I tried to use the code you provided, I’ll get an error message ‘file
not found’ (not 404)

fhal · July 19, 2012, 12:15am

I tried to use the code you provided, I’ll get an error message ‘file not
found’ (not 404)

Well I just copied over your existing config, to me this doesnt look
right:

fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;

I would suggest to replace it with:

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

rr

fhal · July 19, 2012, 5:27pm

But it seems that this rule is not working, could you please help?

Regular expression locations are matched in the order they are defined
in the nginx config file, so you need to put that location
above .

http://wiki.nginx.org/HttpCoreModule#location

rr

fhal · July 19, 2012, 5:30pm

Hi Reinis,

Thanks for your quickly response. But it still doesn’t work.
Below is my configurations, could you please help to check?

location ~*^/forum.php?mod=image$ {
    root           /web/www;
    fastcgi_pass   unix:/tmp/nginx.socket;
    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    include        fastcgi_params;
    }
location ~*^/(home|forum|portal).php$ {
    root           /web/www;
    limit_conn   addr  5;
    limit_req zone=refresh burst=5 nodelay;
    fastcgi_pass   unix:/tmp/nginx.socket;
    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    include        fastcgi_params;
    }
location ~ \.php$ {
    root           /web/www;
    fastcgi_pass   unix:/tmp/nginx.socket;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    include        fastcgi_params;
    }

fhal · July 19, 2012, 5:05pm

Hi Reinis,

One more question, for now, I’m using below code to limit the access of
some URLs, such as
/forum.php?mod=forumdisplay?*****
/forum.php?mod=viewthread&****

location ~*^/(home|forum|portal).php$ {
    root           /web/www;
    limit_conn   addr  5;
    limit_req zone=refresh burst=5 nodelay;
    fastcgi_pass   unix:/tmp/nginx.socket;
    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    include        fastcgi_params;
    }
location ~ \.php$ {
    root           /web/www;
    fastcgi_pass   unix:/tmp/nginx.socket;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    include        fastcgi_params;
    }

But I don’t want to limit user access to below URL

/forum.php?mod=image&***

So I added below section into Nginx

location ~*^/forum.php?mod=image$ {
    root           /web/www;
    fastcgi_pass   unix:/tmp/nginx.socket;
    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    include        fastcgi_params;
    }

But it seems that this rule is not working, could you please help?