limit_conn_dry_run
The `limit_conn_dry_run` directive allows testing of connection limits without enforcing them.
Description
The limit_conn_dry_run directive is a feature that enables administrators to test their connection limit configurations without actively denying connections. When set, the server does not block connections that exceed the defined limits, but it does log those instances where the limits would have been enforced. This is particularly useful for tuning and validating configurations without impacting user experience, allowing the admin to gather data on potential impacts of limits before applying them fully.
The directive can be set in the http, server, or location contexts and accepts a flag (on/off) as its argument. When enabled (set to 'on'), NGINX will simulate the limits without blocking excess connections. It is important to note that while this directive is active, no actual connections are denied, which gives a clear picture of the utilization against the limits without causing disruption.
However, administrators should remain cautious with this directive during production testing since the server will still record those exceeding limits in the logs, and may mislead observation if the directive is confused with enforced limits. It should ideally be used temporarily during configuration assessments.
Config Example
http {
limit_conn_zone $binary_remote_addr zone=addr:10m;
server {
limit_conn addr 10;
limit_conn_dry_run on;
}
}Using this directive in a loaded production environment may lead to misleading conclusions as it logs connections exceeding the limit without enforcing them.
Ensure to disable this directive after testing to apply actual limits.