1. 限制單IP并發(fā)訪問數量

nginx中ngx_http_limit_conn_module模塊用于限制連接數量，特別是來自單個IP地址的連接數量。并非所有的連接都被計數。只有當服務器處理了請求并且已經讀取了整個請求頭時，連接才被計數。

http {
    limit_conn_zone $binary_remote_addr zone=addr:10m;
    ...
    server {
        ...
        location / {
            limit_conn addr 10;
            ...
        }
}

$binary_remote_addr對于IPv4地址，變量的大小始終為4個字節(jié)，對于IPv6地址則為16個字節(jié)。存儲狀態(tài)在32位平臺上始終占用32或64個字節(jié)，在64位平臺上占用64個字節(jié)。一個兆字節(jié)的區(qū)域可以保持大約32000個32字節(jié)的狀態(tài)或大約16000個64字節(jié)的狀態(tài)。如果區(qū)域存儲耗盡，服務器會將錯誤返回 給所有其他請求。10M可存儲160000個狀態(tài)

2. 限制單IP訪問速度

nginx中ngx_http_limit_req_module模塊用于限制每一個請求的處理速率，特別是從一個單一的IP地址的請求的處理速率。

http {
    limit_req_zone $binary_remote_addr zone=one:10m rate=30r/s;
    ...
    server {
        ...
        location / {
            limit_req zone=one burst=50;
            ...
        }
}

3. 測試

我們可以用ab工具測試一下。

yum -y install httpd-tools

并發(fā)測試

并發(fā)數50，總共執(zhí)行次數100

ab -c 50 -n 100 http://127.0.0.1:6688/

無限制時

> ab  -c 50 -n 100 http://127.0.0.1:6688/
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 127.0.0.1 (be patient).....done


Server Software:        nginx
Server Hostname:        127.0.0.1
Server Port:            6688

Document Path:          /
Document Length:        612 bytes

Concurrency Level:      50
Time taken for tests:   0.007 seconds
Complete requests:      100
Failed requests:        0
Write errors:           0
Total transferred:      83800 bytes
HTML transferred:       61200 bytes
Requests per second:    14828.00 [#/sec] (mean)
Time per request:       3.372 [ms] (mean)
Time per request:       0.067 [ms] (mean, across all concurrent requests)
Transfer rate:          12134.63 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    1   0.3      1       2
Processing:     0    1   0.7      2       2
Waiting:        0    1   0.5      1       2
Total:          1    2   0.5      2       3

限制配置

http {
    ...
    limit_conn_zone $binary_remote_addr zone=addr:10m;
    limit_req_zone $binary_remote_addr zone=one:10m rate=30r/s;
    server {
        limit_conn addr 10;
        limit_req zone=one burst=50;
        ...
    }
}

限制后

> ab  -c 50 -n 100 http://121.40.237.209:6688/
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 121.40.237.209 (be patient).....done


Server Software:        nginx
Server Hostname:        121.40.237.209
Server Port:            6688

Document Path:          /
Document Length:        612 bytes

Concurrency Level:      50
Time taken for tests:   3.309 seconds
Complete requests:      100
Failed requests:        0
Write errors:           0
Total transferred:      83800 bytes
HTML transferred:       61200 bytes
Requests per second:    30.22 [#/sec] (mean)
Time per request:       1654.476 [ms] (mean)
Time per request:       33.090 [ms] (mean, across all concurrent requests)
Transfer rate:          24.73 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        4    5   0.3      5       5
Processing:     5 1237 547.1   1660    1664
Waiting:        5 1237 547.1   1660    1664
Total:         10 1241 547.2   1665    1668

可以看出100個請求在3.3秒完成符合30r/s

參考文章
http://nginx.org/en/docs/http/ngx_http_limit_conn_module.html
http://nginx.org/en/docs/http/ngx_http_limit_req_module.html