sho*_*ner 5 ddos nginx tornado websocket
我使用此配置来防止我的服务器上出现类似 DOS 的洪水:
limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;
limit_req_zone $binary_remote_addr zone=sms:10m rate=1r/m;
upstream main_server{
server web_instance_1:8000;
}
server {
limit_req zone=one burst=5;
listen 80;
server_name something.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name something.com;
ssl on;
ssl_certificate /etc/nginx/ssl/chained.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
location / {
limit_req zone=one burst=5;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass https://main_server;
}
location /rest/sms {
limit_req zone=sms burst=5;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass https://main_server;
}
location /WebSocket {
limit_req zone=one burst=5;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_pass https://main_server;
}
}
在/WebSocketURL 中我运行一个 WebSocket 服务器(用 Tornado 编写)。limit_reqin /WebSocketlocation 只会阻止来自客户端的过多websocket 连接。我需要一种方法来防止一个WebSocket 连接向服务器发送太多数据包。
当前配置不禁止发送大量数据包的单个客户端。
在 NGINX 或龙卷风中这样做的正确方法是什么?
| 归档时间: |
|
| 查看次数: |
2431 次 |
| 最近记录: |