问题
I use this config for preventing DOS like floodings on my server:
limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;
limit_req_zone $binary_remote_addr zone=sms:10m rate=1r/m;
upstream main_server{
server web_instance_1:8000;
}
server {
limit_req zone=one burst=5;
listen 80;
server_name something.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name something.com;
ssl on;
ssl_certificate /etc/nginx/ssl/chained.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
location / {
limit_req zone=one burst=5;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass https://main_server;
}
location /rest/sms {
limit_req zone=sms burst=5;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass https://main_server;
}
location /WebSocket {
limit_req zone=one burst=5;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_pass https://main_server;
}
}
in /WebSocket URL I run a WebSocket server (written with Tornado) . limit_req in /WebSocket location only prevents too many websocket connections from client. I need a way to prevent ONE WebSocket connection to sends too many packets to the server.
current configuration doesn't ban single client that send a lot of packets.
what is the proper way to do so in NGINX or tornado?
来源:https://stackoverflow.com/questions/49131457/prevent-one-websocket-connection-flooding-in-nginx