limit_conn
The `limit_conn` directive restricts the number of simultaneous connections from a single IP address.
Description
The `limit_conn` directive in NGINX limits the number of simultaneous connections that a single IP address can make to a specific server or location block. This is crucial for preventing abuse or overload from too many connections, which can degrade server performance. The directive accepts two arguments: the zone name and the maximum number of connections permitted per IP address. It works in conjunction with `limit_conn_zone`, which defines the shared memory zone for tracking connection counts from IP addresses.
When a request is received, NGINX increments the connection count for the originating IP in the defined zone. If the connection count exceeds the specified limit, the client will receive a 503 Service Unavailable error. The connection count is managed per IP address and is typically recorded in memory, allowing for high-speed checking of connection limits without the need for persistent storage. This helps manage congestion and ensures equitable distribution of server resources among users.
To implement the directive, administrators must define the limit in an appropriate context (`http`, `server`, or `location`) and ensure that a corresponding `limit_conn_zone` directive is configured. Defining the zone and setting the limit to match the anticipated traffic is key to using this directive effectively.
Config Example
http {
    limit_conn_zone $binary_remote_addr zone=addr:10m;
    server {
        location / {
            limit_conn addr 1;
        }
    }
}
Ensure that the limit_conn_zone directive is defined before using limit_conn to avoid configuration errors.
Be cautious with the limits set; overly restrictive limits may block legitimate users or traffic.
Consider the implications of connection limits on application behavior, especially for services with high user interaction.
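The cautions above can be handled in configuration. The following is an added example, not part of the original page: it combines a per-client zone with a per-server zone, returns 429 rather than the default 503, and uses `limit_conn_dry_run` to trial a limit before enforcing it. The zone names `perip` and `perserver`, the host name, the paths and the numeric limits are assumptions chosen for illustration.

```nginx
# Added example, not from the original page. Zone names, host name,
# paths and limits are illustrative assumptions.
events {}

http {
    # One counter per client address.
    limit_conn_zone $binary_remote_addr zone=perip:10m;
    # One counter per virtual server, capping total concurrency.
    limit_conn_zone $server_name zone=perserver:10m;

    # Reply with 429 instead of the default 503 so limiter rejections
    # can be told apart from backend failures in logs and metrics.
    limit_conn_status 429;
    # Severity of the error-log entry written when a limit is exceeded
    # (the default is "error").
    limit_conn_log_level warn;

    server {
        listen 8080;
        server_name example.test;

        # Both limits apply; a request is rejected if either is exceeded.
        limit_conn perip 10;
        limit_conn perserver 200;

        location /downloads/ {
            # Tighter per-client limit for an expensive location.
            # limit_conn is inherited from the enclosing level only when
            # this level defines none, so the server-wide cap is repeated.
            limit_conn perip 1;
            limit_conn perserver 200;
        }

        location /api/ {
            # Trial run of a candidate limit: excess connections are
            # still counted and logged, but not rejected. Remove the
            # dry-run line once the logs show legitimate clients fit.
            limit_conn perip 5;
            limit_conn perserver 200;
            limit_conn_dry_run on;
        }
    }
}
```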