nginx: ограничение количества одновременных подключений на vhost

http {
# Shared-memory zone "client" (10m) keyed on $server_name, so connections are
# counted per virtual host rather than per client address.
# NOTE(review): limit_zone is the legacy directive. It was made obsolete in
# nginx 1.1.8 and removed in 1.7.6; the current equivalent is
# `limit_conn_zone $server_name zone=client:10m;`.
limit_zone client $server_name 10m;
# At most 20 simultaneous connections per key, i.e. per vhost; requests over
# the limit are rejected (503 by default).
# Because the key is the vhost name, all clients share the same 20 slots, so
# one client can occupy them all. A per-client cap needs an additional zone
# keyed on $binary_remote_addr.
limit_conn client 20;

nginx proxy_cache для отдельных запросов

http {
 
# On-disk cache under /var/cache/nginx/cacheone with a two-level directory
# layout (levels=1:2), a 20m shared-memory zone named "cacheone" for keys and
# metadata, and a 1024m cap on the total size of cached data.
# No inactive= is given, so nginx's default inactivity timeout applies.
# NOTE(review): the cache directory should be writable only by the nginx
# worker user -- confirm ownership and mode on the host.
proxy_cache_path  /var/cache/nginx/cacheone levels=1:2 keys_zone=cacheone:20m max_size=1024m;
 
...
}
 
server {
 
    ...
 
    # Default value, so the variable is defined for requests that never match
    # the `if` below.
    set $mykey "";
 
    location ... {
         # Unanchored regex: matches "foo" anywhere in the query string and
         # captures from "foo" to the end of it, so every distinct suffix
         # yields a distinct $mykey (and therefore a distinct cache entry).
         if ($query_string ~ "(foo.*)")
         {
             set $mykey $1;
             # Internal jump: the `return 404` is intercepted by error_page and
             # handed to the named location @cacheone. "=" without a code means
             # the client sees the status produced by that location.
             error_page 404  =  @cacheone;
             return 404;
         }
 
        ...
    }
 
    # Named location: reachable only through the internal redirect above, never
    # directly by a client URI. The excerpt ends before any proxy_pass or the
    # closing braces.
    location @cacheone {
        proxy_cache cacheone;
        # NOTE(review): the key has no $scheme/$host/$uri component. Two
        # different URIs (or vhosts sharing this zone) that carry the same
        # "foo..." query would be served the same cached response -- confirm
        # that is intended, otherwise add $host$uri to the key.
        # If-Modified-Since and If-None-Match are client-supplied, so each
        # distinct value creates its own entry; growth is bounded only by
        # max_size on the cache path.
        proxy_cache_key "$request_method|$http_if_modified_since|$http_if_none_match|$mykey";
        # Responses with these status codes are kept for 7 minutes.
        proxy_cache_valid 200 301 302 304 7m;

nginx status

active connections -- number of all open connections including connections to backends

reading -- nginx reads request header

writing -- nginx reads request body, processes request, or writes response to a client

waiting -- idle keep-alive connections; equal to active - (reading + writing)

nginx anti-ddos

# Cookie gate: a request whose "antiflood" cookie does not match the expected
# value (case-insensitive, unanchored regex) is redirected to /set_cookie<uri>.
# The quoted value is a placeholder for a site-chosen string.
# Limits of this check: the value is static and identical for every client, so
# it only filters clients that ignore Set-Cookie or do not follow redirects.
# It is not a per-client token, and legitimate clients without cookie support
# never get past the redirect.
# NOTE(review): the enclosing context of this `if` is not shown. At server
# level it would also apply to /set_cookie/... requests; confirm the scope
# leaves that location reachable.
if ($cookie_antiflood !~* "что-нибудь") {
    # `permanent` sends a 301, which browsers may cache; a cached redirect can
    # keep bouncing a client even after the cookie is set. `redirect` (302)
    # avoids that.
    rewrite ^(.*)$ /set_cookie$1 permanent;
    # The rewrite above always matches and returns the redirect immediately,
    # so this `break` is not reached.
    break ;
}
# Sets the cookie and sends the client back to the originally requested URI.
location ~ ^/set_cookie/ {
    # Session cookie (no expiry attribute) valid for the whole site; add_header
    # is applied to the 301 produced by the rewrite below.
    add_header Set-Cookie "antiflood=что-нибудь; path=/";
    rewrite ^/set_cookie/(.*)$ /$1 permanent;
    break ;
}

http://habrahabr.ru/blogs/infosecurity/128526/#comment_4251423
