Limit_conn module exclude also on Maxim Dunin recommended code

Server NGINX
1

Hi

I am using this code to limit requests and exclude some ip’s"

http {

limit_req_zone $limit zone=delta:8m rate=60r/s;

geo $limited {
default 1;
192.168.45.56/32 0;
199.27.128.0/21 0;
173.245.48.0/20 0;
}

map $limited $limit {
1 $binary_remote_addr;
0 “”;
}

And this on the domain config:

server {

limit_req zone=delta burst=90 nodelay;

Now i have two questions:

1)Does nginx realy knows how to exclude ip’s in this format .0/21 or i
must
use them as 199.27.128.5 for example?

199.27.128.0/21

2)Now i want to use the limit_conn_zone on the above recommendation from
Maxim Dunin…

like this:

http {

limit_conn_zone $binary_remote_addr zone=alpha:8m;
limit_req_zone $limit zone=delta:8m rate=60r/s;

geo $limited {
default 1;
192.168.45.56/32 0;
199.27.128.0/21 0;
173.245.48.0/20 0;
}

map $limited $limit {
1 $binary_remote_addr;
0 “”;
}

And this on the domain config:

server {

limit_conn alpha 20;
limit_req zone=delta burst=90 nodelay;

But how i can use the above exclude list for the limit_conn module also?

Thanks

Posted at Nginx Forum:

2

On Sun, Jan 04, 2015 at 09:44:19AM -0500, ASTRAPI wrote:

Hi there,

1)Does nginx realy knows how to exclude ip’s in this format .0/21 or i must
use them as 199.27.128.5 for example?

http://nginx.org/r/geo

2)Now i want to use the limit_conn_zone on the above recommendation from
<…>
But how i can use the above exclude list for the limit_conn module also?

You have

limit_conn_zone $binary_remote_addr zone=alpha:8m;
limit_req_zone $limit zone=delta:8m rate=60r/s;

and

limit_conn alpha 20;
limit_req zone=delta burst=90 nodelay;

Compare http://nginx.org/r/limit_conn_zone with
Module ngx_http_limit_req_module

Which part of your “req” config means that you omit some client
addresses
from accounting?

What similar “zone” config could you use?

f

Francis D. [email protected]

3

Thanks for the reply…

Ok with the ip’s but i can’ figure out how to fix th other problem with
exclude ip’s for limit_conn_zone :frowning:

Posted at Nginx Forum:

4

On Thu, Jan 08, 2015 at 12:31:23PM -0500, ASTRAPI wrote:

Hi there,

Ok with the ip’s but i can’ figure out how to fix th other problem with
exclude ip’s for limit_conn_zone :frowning:

I’m confused why you’re confused.

You originally had

limit_conn_zone $binary_remote_addr zone=alpha:8m;
limit_req_zone $binary_remote_addr zone=delta:8m rate=40r/s;

and you wanted to exclude some addresses from the limit_req_zone, so
you changed it to be

limit_req_zone $limit zone=delta:8m rate=60r/s;

Now you want to exclude the same addresses from the limit_conn_zone,
but you can’t see what configuration change might possibly do that?

Replace $binary_remote_addr with $limit.

f

Francis D. [email protected]

5

Ok thanks!

Posted at Nginx Forum: