CHAPTER 12 Limiting Use
12.0 Introduction
Limiting use or abuse of your system can be important for throttling
heavy users or stopping attacks. NGINX has multiple modules built
in to help control the use of your applications. This chapter focuses
on limiting use and abuse, the number of connections, the rate at
which requests are served, and the amount of bandwidth used. It’s
important to differentiate between connections and requests: con‐
nections (TCP connections) are the transport layer on which
requests are made and therefore are not the same thing. A browser
may open multiple connections to a server to make multiple
requests. However, in HTTP/1 and HTTP/1.1, requests can only be
made one at a time on a single connection; whereas in HTTP/2,
multiple requests can be made in parallel over a single TCP connec‐
tion. This chapter will help you restrict usage of your service and
mitigate abuse.
限制控制的合理使用对于服务器来讲能够有效阻止攻击者攻击请求。NGINX
服务器内置多种限制控制模块。本章将深入讲解访问连接数、请求速率和
带宽限制等功能。首先需要区分什么是连接(connections) 和 请求(requests)
:连接(TCP 连接)是位于传输层的协议,一个 HTTP 请求会产生一个连接,所以
它们是不同的东西。浏览器与服务器之间的交互允许打开多个连接,这样可以
同时发起多个请求。然而, HTTP/1 和 HTTP/1.1 协议,同一时间仅能处理一
个连接,直到 HTTP/2 才突破次限制,支持同时处理多个连接。本章将学习
相关限制特性,实现对服务的合理使用。