Limit number of connections to server


Kamil Gorlo-2
Hi,

is there a way to limit the total number of open connections per listening port in Nginx? I know that there is the limit_conn module, but as far as I understand it only works on the "request" layer, which means connections are counted only when the request headers have already been read.

I have a problem when the number of SSL connections to my server is very high (CPU is at 100% and the server becomes unresponsive), and I would like to "cut" new connections after some defined threshold is exceeded. It would possibly save some CPU cycles needed to handle the SSL handshake, etc.

Is it possible?

Regards,
Kamil

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Limit number of connections to server

Valentin V. Bartenev-3
On Tuesday 04 April 2017 17:22:58 Kamil Gorlo wrote:

> Hi,
>
> is there a way to limit the total number of open connections per listening
> port in Nginx? I know that there is the limit_conn module, but as far as I
> understand it only works on the "request" layer, which means connections are
> counted only when the request headers have already been read.
>
> I have a problem when the number of SSL connections to my server is very high
> (CPU is at 100% and the server becomes unresponsive), and I would like to
> "cut" new connections after some defined threshold is exceeded. It would
> possibly save some CPU cycles needed to handle the SSL handshake, etc.
>
> Is it possible?
>

You should use the system firewall. Most *nix systems have one out of the box.

  wbr, Valentin V. Bartenev


Re: Limit number of connections to server

lists@lazygranch.com
You would probably want to also limit the number of connections per IP address, else one IP could lock up the entire site.


Re: Limit number of connections to server

Payam Chychi
You can also use ulimit, but a simple iptables/ipfw/pf will do the job.

--
Payam Tarverdyan Chychi
Network Security Specialist / Network Engineer
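
The firewall approach suggested in this thread, together with the per-IP limit from the second reply, can be expressed with the iptables connlimit match, which rejects the SYN before nginx ever starts a TLS handshake. This is an added example, not part of any post in the thread; port 443, the limits 2000 and 50, and the chain name CONNCAP are assumed values, and it covers IPv4 only.

```shell
#!/bin/sh
# Added example: emit an iptables-restore fragment that caps TCP connections
# to one listening port. Port, limits and chain name are constructed values.

# is_uint VALUE -> succeeds only for a non-empty string of decimal digits
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# build_connlimit_rules PORT TOTAL_MAX PER_IP_MAX
# Prints the ruleset on stdout; returns 2 on invalid arguments.
build_connlimit_rules() {
    port=$1 total=$2 per_ip=$3
    for v in "$port" "$total" "$per_ip"; do
        is_uint "$v" || { echo "not a number: $v" >&2; return 2; }
    done
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 2; }
    # A per-IP cap above the total cap could never trigger.
    [ "$per_ip" -le "$total" ] || { echo "per-IP limit exceeds total" >&2; return 2; }

    # Only new connections (SYN) are checked; established ones are untouched.
    # --connlimit-mask 32 counts per source address; mask 0 puts every
    # source in one group, which gives a total cap for the port.
    cat <<EOF
*filter
:CONNCAP - [0:0]
-A INPUT -p tcp --syn --dport $port -j CONNCAP
-A CONNCAP -m connlimit --connlimit-above $per_ip --connlimit-mask 32 -j REJECT --reject-with tcp-reset
-A CONNCAP -m connlimit --connlimit-above $total --connlimit-mask 0 -j REJECT --reject-with tcp-reset
-A CONNCAP -j RETURN
COMMIT
EOF
}

# Print the ruleset for the assumed values. To load it, pipe the output to
# "iptables-restore --noflush" as root (add --test first for a dry run).
build_connlimit_rules 443 2000 50
```

Without `--noflush`, iptables-restore replaces the whole filter table, so the flag matters on a host that already has rules.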