In this article, we will explore specific procedures for setting speed limits for selected IP addresses on a Nginx web server running on CentOS 7. This configuration can be highly beneficial for protecting the server from excessive load caused by unusually high request rates from specific sources.
Prerequisites
Before getting started, ensure that:
- You have access to a CentOS 7 server with Nginx installed.
- You have permission to make changes to Nginx configuration files as a user with sudo privileges.
Step 1: Accessing Nginx Configuration File
To set speed limits for specific IP addresses, you'll need to modify the configuration file for your server block or Nginx global configuration. Nginx configuration files are typically located at /etc/nginx/nginx.conf for the main configuration or in /etc/nginx/conf.d/ for specific server blocks.
- Open your server's configuration file in an editor. For example, if you have a server block for your domain at
/etc/nginx/conf.d/mywebsite.conf, open this file using the command:
Step 2: Defining Rate Limits
Nginx allows rate limiting using the limit_req_zone directive, which is defined in the http context, and the limit_req directive, which is applied within the server or location context.
- Add
limit_req_zoneto the main Nginx configuration file (nginx.conf) or to your server block. This directive specifies a memory zone for tracking requests and the maximum number of allowed requests within a defined time period. For example:http { ... limit_req_zone $binary_remote_addr zone=mylimit:10m rate=1r/s; ... }
- Here,
$binary_remote_addrserves as the key for tracking IP addresses,zone=mylimit:10mdefines the zone name and size (10 MB), andrate=1r/sspecifies the allowed rate of 1 request per second.
Step 3: Applying Rate Limits
After defining the rate limiting zone, you can apply the limit to specific server blocks or locations using the limit_req directive.
- Within your server block configuration file, add the
limit_reqdirective within theserverorlocationcontext where you want the limit to be applied:server { ... location / { limit_req zone=mylimit burst=5 nodelay; ... } }
- The
burst=5directive allows short-term bursts beyond the rate limit, which is useful for handling short spikes in traffic.nodelayensures that requests are not delayed until the burst limit is reached.
Step 4: Testing and Restarting Nginx
After completing the configuration, it's important to verify that all changes are syntactically correct and then restart Nginx to apply the new settings.
- Perform a configuration test:
sudo nginx -t
If the test runs without errors, restart Nginx:
sudo systemctl restart nginx
By following these steps, you have successfully set speed limits for specific IP addresses on your Nginx server running on CentOS 7. Remember that proper rate limiting configuration can help prevent server overload and ensure a more even distribution of resources among all users.
