我看到nginx里有两个防止dos的配置:
limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=5r/s;
不知道上面这两个配置里storage的大小怎样计算?我看到说明里下面这么一句话:
One megabyte zone can keep about 32 thousand 32-byte states or about 16 thousand 64-byte states. If the zone storage is exhausted, the server will return the 503 (Service Temporarily Unavailable) error to all further requests.
按照这个意思,这个storage必须放入所有访问的ip?
阻止ddos攻击还有别的简单的解决方案吗?
limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=5r/s;
不知道上面这两个配置里storage的大小怎样计算?我看到说明里下面这么一句话:
One megabyte zone can keep about 32 thousand 32-byte states or about 16 thousand 64-byte states. If the zone storage is exhausted, the server will return the 503 (Service Temporarily Unavailable) error to all further requests.
按照这个意思,这个storage必须放入所有访问的ip?
阻止ddos攻击还有别的简单的解决方案吗?
1
Select Language