Limiting Access to Proxied HTTP Resources

submitted by
Style Pass
2022-10-02 13:00:36

Protect your upstream web and application servers by limiting connections, rate of requests, or bandwidth, based on client IP address or other variables.

This article explains how to set the maximum number of requests for a connection, or the maximum rate of downloading content from the server.

Use the limit_conn_zone directive to define the key and set the parameters of the shared memory zone (the worker processes will use this zone to share counters for key values). As the first parameter, specify the expression evaluated as a key. In the second parameter, zone, specify the name of the zone and its size.

Use the limit_conn directive to apply the limit within the location {}, server {}, or http {} context. Specify the name of the shared memory zone as the first parameter, and the number of allowed connections per key as the second parameter.
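The two steps above combined in one configuration, as an added example that is not taken from the original article. The zone names (perip, perserver), the limits, the server name and the upstream address are assumptions chosen for illustration.

```nginx
# Added example: zone names, limits, and addresses are illustrative assumptions.
http {
    # Step 1: define the key and the shared memory zone.
    # $binary_remote_addr is the client address in binary form, which
    # takes less zone memory per key than the textual $remote_addr.
    limit_conn_zone $binary_remote_addr zone=perip:10m;

    # A second zone keyed on the virtual server caps the total number
    # of concurrent connections to that server, whatever the client.
    limit_conn_zone $server_name zone=perserver:10m;

    # Rejected connections get 503 by default; 429 is easier to tell
    # apart from a real upstream failure in logs and dashboards.
    limit_conn_status 429;
    limit_conn_log_level warn;

    upstream app_backend {
        server 127.0.0.1:8080;        # placeholder upstream
    }

    server {
        listen 80;
        server_name example.com;      # placeholder name

        # Step 2: apply the limits. limit_conn set at server level is
        # inherited by a location only if that location defines no
        # limit_conn of its own, so every location that sets a per-IP
        # limit repeats the per-server limit as well.
        limit_conn perserver 200;

        location /download/ {
            limit_conn perip 2;       # large transfers: 2 per client IP
            limit_conn perserver 200;
            proxy_pass http://app_backend;
        }

        location / {
            limit_conn perip 20;
            limit_conn perserver 200;
            proxy_pass http://app_backend;
        }
    }
}
```

When NGINX itself sits behind a load balancer or CDN, $binary_remote_addr holds that intermediary's address, so every client shares one counter unless the real client address is restored first. Run nginx -t to validate the configuration before reloading.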

Rate limiting can be used to prevent DDoS attacks, or prevent upstream servers from being overwhelmed by too many requests at the same time. The method is based on the leaky bucket algorithm: requests arrive at the bucket at various rates and leave the bucket at a fixed rate.