Lexa Software: Nginx-ru@sysoev.ru archive

2011/3/28 Алексей Масленников <minisotm@xxxxxxxxx>

Что-то не пашет, или может я не догоняю.

Говорит:

Restarting nginx: [emerg]: unknown "binary_remote_addr$request_uri$referer" variable

On 27.03.2011 10:48, Илья Шипицин wrote:

все правильно, только я бы расширил ключ, скажем, до

limit_zone http $binary_remote_addr$request_uri$referer 1m;

а количество соединений уменьшил до 1

2011/3/27 Maxim Ponomarchuk <ponomarchuk_m@xxxxxxx>

Друзья.

Есть сервер под управлением Debian.
Периодически появляется проблема связанная с тем что с одного айпи начинает валится уйма запросов к серверу + из-за этого вырастает LA .

Например:

cat  production.log | grep 178.95.42.226

Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:05) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:06) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:07) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:08) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:08) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:09) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:10) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:11) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:11) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:12) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:13) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:14) [GET]
Processing ApplicationController#index (for 178.95.42.226 at 2011-03-27 07:56:15) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:15) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:16) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:16) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:17) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:22) [GET]
Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:22) [GET]
Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:24) [GET]
Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:26) [GET]
Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:27) [GET]
Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:28) [GET]
Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:30) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:31) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:32) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:33) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:34) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:35) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:35) [GET]
Processing DataController#url_redirect (for 178.95.42.226 at 2011-03-27 07:56:36) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:36) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:36) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:37) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:37) [GET]
Processing DataController#url_redirect (for 178.95.42.226 at 2011-03-27 07:56:38) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:39) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:39) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:40) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:40) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:41) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:42) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:43) [GET]

В настройках nginx поставил лимит


limit_zone http $binary_remote_addr 1m;
limit_conn   http  10;

При тесте Siege  - nginx успешно дропает соединения больше 10 в единый момент времени.

В моем же случае такое условие не совпадает.
Можно ли как сделать так - если с одного айпи в течении минуты есть больше 30 обращений к серверу - то заворачивать злодея на страничку - заглушку?
Или  как с таким бороться?

_______________________________________________
nginx-ru mailing list
nginx-ru@xxxxxxxxx
http://nginx.org/mailman/listinfo/nginx-ru


_______________________________________________
nginx-ru mailing list
nginx-ru@xxxxxxxxx
http://nginx.org/mailman/listinfo/nginx-ru

_______________________________________________
nginx-ru mailing list
nginx-ru@xxxxxxxxx
http://nginx.org/mailman/listinfo/nginx-ru

Re: бан или заворот айпи на страницу заглушку