Друзья.
Есть сервер под управлением Debian.
Периодически появляется проблема связанная с тем что с
одного айпи начинает валится уйма запросов к серверу +
из-за этого вырастает LA .
Например:
cat production.log | grep 178.95.42.226
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:05) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:06) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:07) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:08) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:08) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:09) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:10) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:11) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:11) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:12) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:13) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:14) [GET]
Processing ApplicationController#index (for 178.95.42.226 at 2011-03-27 07:56:15) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:15) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:16) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:16) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:17) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:22) [GET]
Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:22) [GET]
Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:24) [GET]
Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:26) [GET]
Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:27) [GET]
Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:28) [GET]
Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:30) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:31) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:32) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:33) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:34) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:35) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:35) [GET]
Processing DataController#url_redirect (for 178.95.42.226 at 2011-03-27 07:56:36) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:36) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:36) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:37) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:37) [GET]
Processing DataController#url_redirect (for 178.95.42.226 at 2011-03-27 07:56:38) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:39) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:39) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:40) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:40) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:41) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:42) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:43) [GET]
В настройках nginx поставил лимит
limit_zone http $binary_remote_addr 1m;
limit_conn http 10;
При тесте Siege - nginx успешно дропает соединения больше 10 в единый момент времени.
В моем же случае такое условие не совпадает.
Можно ли как сделать так
- если с одного айпи в течении минуты есть больше 30 обращений к серверу - то заворачивать злодея на страничку - заглушку?
Или как с таким бороться?