nginx: ограничение количества одновременных подключений на vhost

# Caps simultaneous connections per virtual host. The zone key is $server_name,
# so one counter is shared by every client of that vhost; it is not a per-client limit.
# A single busy client can therefore use up all the slots. Keying a second zone on
# $binary_remote_addr is the usual way to add a per-client cap.
http {
# Shared-memory zone "client", 10m in size, keyed by $server_name.
# NOTE(review): limit_zone is the legacy directive. nginx made it obsolete in 1.1.8
# and removed it in 1.7.6. The equivalent on current releases is
#   limit_conn_zone $server_name zone=client:10m;
limit_zone client $server_name 10m;
# At most 20 concurrent connections per key value in zone "client".
# Connections over the limit are rejected (503 unless limit_conn_status says
# otherwise -- confirm for the nginx version in use).
limit_conn client 20;
# (snippet ends here; the closing brace of http is not shown)

nginx proxy_cache для отдельных запросов

http {
 
# Declares the on-disk cache used by "proxy_cache cacheone" further down:
#   levels=1:2            two-level directory layout under /var/cache/nginx/cacheone
#   keys_zone=cacheone:20m  shared-memory zone "cacheone" (20m) holding the cache keys
#   max_size=1024m        upper bound on the on-disk cache size
proxy_cache_path  /var/cache/nginx/cacheone levels=1:2 keys_zone=cacheone:20m max_size=1024m;
 
...
}
 
# Caches only the requests whose query string matches a pattern: the matching
# request is sent into the named location @cacheone through error_page, and only
# that location has proxy_cache enabled.
server {
 
    ...
 
    # Default value, so $mykey is defined for requests that never enter the if below.
    set $mykey "";
 
    location ... {
         # Unanchored regex: matches "foo" anywhere in the query string and
         # captures from there to the end of the string.
         if ($query_string ~ "(foo.*)")
         {
             # The captured, client-supplied text becomes part of the cache key.
             set $mykey $1;
             # Route the 404 raised on the next line to @cacheone; the bare "="
             # lets the final status code come from that location.
             error_page 404  =  @cacheone;
             return 404;
         }
 
        ...
    }
 
    location @cacheone {
        proxy_cache cacheone;
        # Key = method + two conditional request headers + the captured query text.
        # NOTE(review): the key contains no $scheme, $host or $uri. If the elided
        # location above matches more than one URI, or this server answers for
        # several hostnames, different resources with the same captured query text
        # would share one cache entry -- verify, and add those variables if so.
        # NOTE(review): If-Modified-Since / If-None-Match are chosen by the client,
        # so every distinct value creates its own entry; the max_size set on
        # proxy_cache_path is what bounds the resulting disk use.
        proxy_cache_key "$request_method|$http_if_modified_since|$http_if_none_match|$mykey";
        # Responses with status 200, 301, 302 and 304 are cached for 7 minutes.
        proxy_cache_valid 200 301 302 304 7m;
        # (snippet ends here; proxy_pass and the closing braces are not shown)

nginx status

active connections -- number of all open connections including connections to backends

reading -- nginx reads request header

writing -- nginx reads request body, processes request, or writes response to a client

waiting -- keep-alive connections, actually it is ( active - (reading + writing) )

nginx anti-ddos

# Cookie challenge: a request whose "antiflood" cookie does not match the expected
# value is redirected through /set_cookie/, which sets the cookie and redirects
# the client back to the original URI.
# "что-нибудь" (Russian for "something") is a placeholder for a site-chosen value.
# This stops only clients that do not follow redirects or do not keep cookies.
# The value is static and identical for every visitor, so treat it as a coarse
# filter to combine with rate/connection limits, not as an authentication token.
# NOTE(review): the enclosing context is not shown. If this "if" sits at server
# level it is also evaluated for /set_cookie/... requests from clients that have
# no cookie yet, which would redirect again before the location below runs.
# Confirm it is placed where /set_cookie/ is excluded.
if ($cookie_antiflood !~* "что-нибудь") {
    # !~* is a case-insensitive, unanchored non-match. The rewrite answers with a
    # 301 to /set_cookie<original URI>.
    # NOTE(review): browsers may cache a 301; the "redirect" flag (302) avoids a
    # cached bounce outliving the challenge -- confirm which is wanted.
    rewrite ^(.*)$ /set_cookie$1 permanent;
    break ;
}
location ~ ^/set_cookie/ {
    # Attach the expected cookie to the redirect response produced below.
    add_header Set-Cookie "antiflood=что-нибудь; path=/";
    # Strip the /set_cookie prefix and send the client back with a 301.
    rewrite ^/set_cookie/(.*)$ /$1 permanent;
    break ;
}

http://habrahabr.ru/blogs/infosecurity/128526/#comment_4251423
