limit_conn_zone
The 'limit_conn_zone' directive creates a shared memory zone to limit the number of simultaneous connections per specified key.
Description
The 'limit_conn_zone' directive is used in the HTTP context to define a shared memory zone in which the number of connections per key (for example, per client address) is tracked. It allows you to cap the number of concurrent connections from a single IP address or any other key, helping to mitigate abuse or resource exhaustion from excessive connections.
The directive takes two arguments. The first is the key, typically a variable such as '$binary_remote_addr' (the client address in a compact, fixed-size binary form) or '$server_name' for per-virtual-server limits. The second has the form 'zone=name:size' and both names the shared memory zone and sets its size (e.g., 'zone=addr:10m' for a zone called 'addr' of 10 megabytes). The zone stores the current connection count for each key, so limits can be applied in real time.
When combined with the 'limit_conn' directive, which sets how many concurrent connections are allowed per key, this gives administrators a cheap way to cap concurrency; the zone size bounds the memory that the tracking can consume.
Config Example
http {
    limit_conn_zone $binary_remote_addr zone=addr:10m;
    server {
        location / {
            limit_conn addr 10;
        }
    }
}
Ensure the zone size is appropriate for your traffic: if the zone fills up, nginx can no longer store state for new keys and connection tracking breaks down.
Remember to set the 'limit_conn' directive in the http, server, or location block to actually apply the limit; defining the zone on its own enforces nothing.
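A fuller configuration, added here as an example rather than taken from the original page, that applies a per-client and a per-virtual-server limit at the same time, returns 429 instead of the default 503 on rejection, and logs rejections at warning level; the hostname and the numeric limits are assumed values chosen for illustration.

```nginx
http {
    # Per-client zone. $binary_remote_addr is a fixed-size key (4 bytes IPv4,
    # 16 bytes IPv6); on 64-bit builds each stored state is 64 bytes, so a
    # 10m zone holds roughly 160k client states.
    limit_conn_zone $binary_remote_addr zone=per_ip:10m;

    # Per-virtual-server zone: one state per server_name, so 1m is plenty.
    limit_conn_zone $server_name zone=per_server:1m;

    # Tell clients they are being throttled (429) rather than that the
    # service is down (503), and make rejections visible in the error log.
    limit_conn_status 429;
    limit_conn_log_level warn;

    # For a first rollout, uncomment to log what would be rejected without
    # actually rejecting anything (nginx 1.17.6 or later).
    # limit_conn_dry_run on;

    server {
        listen 80;
        server_name example.com;   # assumed hostname

        # Cheap pages: 20 concurrent connections per client, 1000 in total.
        location / {
            limit_conn per_ip 20;
            limit_conn per_server 1000;
        }

        # Expensive downloads: a much tighter per-client cap, and a lower
        # ceiling for the server as a whole. Both limits are checked; the
        # first one exceeded rejects the connection.
        location /downloads/ {
            limit_conn per_ip 2;
            limit_conn per_server 200;
        }
    }
}
```

Rejected connections appear in the error log as limit_conn entries at the configured level, which is the signal to watch when tuning the limits or the zone size.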