nginx: ограничение количества одновременных подключений на vhost

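http {
    # Shared-memory zone "client" (10 MB) keyed by $server_name: the counter is
    # kept per virtual host, not per client address, despite the zone's name.
    # limit_conn_zone replaces the obsolete limit_zone directive (obsolete since
    # nginx 1.1.8, removed in 1.7.6), which newer nginx refuses at config load.
    limit_conn_zone $server_name zone=client:10m;

    # At most 20 simultaneous connections per key, i.e. per vhost in total.
    # Connections over the limit are rejected (503 unless limit_conn_status
    # says otherwise).
    # NOTE(review): with a per-vhost key a single client can hold all 20 slots
    # and starve everyone else; a second zone keyed by $binary_remote_addr with
    # its own limit_conn is the usual complement.
    limit_conn client 20;

    # ... rest of the http block ...
}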

nginx proxy_cache для отдельных запросов

http {
 
# On-disk cache under /var/cache/nginx/cacheone with a two-level directory
# layout (levels=1:2). keys_zone=cacheone:20m declares the shared-memory zone
# that "proxy_cache cacheone" refers to; max_size caps stored data at 1024m.
# NOTE(review): the cache directory should be writable only by the nginx worker
# user; anything else able to write there can plant responses that nginx will
# serve as cached content.
proxy_cache_path  /var/cache/nginx/cacheone levels=1:2 keys_zone=cacheone:20m max_size=1024m;
 
...
}
 
server {
 
    ...
 
    # Default: empty key part. Only requests matched by the `if` below get a value.
    set $mykey "";
 
    location ... {
         # Requests whose query string contains "foo" are diverted to the cached
         # named location: $mykey takes the capture (from "foo" to the end of the
         # query string), and the internally generated 404 is handed to @cacheone
         # by error_page; with "=" the final status comes from @cacheone.
         # NOTE(review): the regex is unanchored, so "foo" anywhere in the query
         # string matches, including inside another parameter's name or value.
         # Confirm that is intended; everything after the match becomes part of
         # the cache key.
         if ($query_string ~ "(foo.*)")
         {
             set $mykey $1;
             error_page 404  =  @cacheone;
             return 404;
         }
 
        ...
    }
 
    location @cacheone {
        # Store and serve responses from the "cacheone" zone declared by
        # proxy_cache_path in the http block.
        proxy_cache cacheone;
        # Key = request method + the two conditional-request headers + $mykey.
        # NOTE(review): the key has no $scheme, $host or $uri part, so two
        # different URIs (or vhosts sharing this zone) with the same matched
        # query suffix share one cache entry. Confirm that only one URI ever
        # reaches this location.
        # NOTE(review): If-Modified-Since / If-None-Match are client-supplied;
        # every distinct value creates a separate entry, so arbitrary header
        # values can churn the cache up to max_size and evict useful entries.
        # NOTE(review): nothing in the key identifies the user. Confirm the
        # upstream responses cached here are not per-user content.
        proxy_cache_key "$request_method|$http_if_modified_since|$http_if_none_match|$mykey";
        # Responses with status 200, 301, 302 and 304 are kept for 7 minutes.
        proxy_cache_valid 200 301 302 304 7m;
        # The snippet ends here on the page: proxy_pass and the closing braces
        # of this location and of the server block are not shown.

nginx status

active connections -- number of all open connections including connections to backends

reading -- nginx reads request header

writing -- nginx reads request body, processes request, or writes response to a client

waiting -- idle keep-alive connections; equal to active - (reading + writing)

nginx anti-ddos

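# Cookie challenge: a client that does not present the expected "antiflood"
# cookie is redirected to /set_cookie/<original URI>, which sets the cookie and
# redirects back. Clients that do not follow redirects or do not keep cookies
# never reach the real content.
#
# "что-нибудь" ("something") is the page's placeholder for the cookie value;
# use an ASCII token of your own in both places.
# NOTE(review): the value is one constant shared by every client, so this only
# filters clients that ignore cookies or redirects. It does not identify or
# rate-limit anyone; combine it with limit_req / limit_conn.
# NOTE(review): if this `if` is placed at server level it also runs for
# /set_cookie/... requests before a location is chosen, so the cookie-setting
# location is never reached and the client is redirected endlessly. Confirm it
# sits inside the location(s) that serve content.
if ($cookie_antiflood !~* "что-нибудь") {
    # Temporary (302) instead of permanent (301): browsers may cache a 301 and
    # keep replaying the bounce even after the cookie has been set.
    # The original's trailing `break` is dropped: this rewrite always matches
    # and returns the redirect, so the break was never reached.
    rewrite ^(.*)$ /set_cookie$1 redirect;
}
location ~ ^/set_cookie/ {
    # Set-Cookie is attached to the redirect response itself.
    add_header Set-Cookie "antiflood=что-нибудь; path=/";
    # Strip the /set_cookie prefix and send the client back to the original URI.
    rewrite ^/set_cookie/(.*)$ /$1 redirect;
}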

http://habrahabr.ru/blogs/infosecurity/128526/#comment_4251423
