nginx - limit_conn_zone: can't make it work

I want to limit access to only one connection per IP.

The snippet of code I'm using from the official page:

Sets the shared memory zone and the maximum allowed number of connections for a given key value. When this limit is exceeded, the server will return the error in reply to a request. For example, the directives

limit_conn_zone $binary_remote_addr zone=addr:10m;

server {
    location /download/ {
        limit_conn addr 1;
    }

allow only one connection per an IP address at a time.

I'm using nginx inside a Docker container, and this is the default.conf:

limit_conn_zone $binary_remote_addr zone=addr:10m;
root /usr/share/nginx/html;
server {
  listen 8080;
  location /downloads/ {
      limit_conn addr 1;
      autoindex on;
  }
}

This is the link that explains how to test whether the IP limitation works:

https://blog.actorsfit.com/a?ID=00700-9f36887c-5d4b-4f0e-baf5-725ff22f2e42

The curl command I have used:

curl -v http://192.168.0.13:8080/downloads/ http://192.168.0.13:8080/downloads/

Response:

*   Trying 192.168.0.13:8080...
* TCP_NODELAY set
* Connected to 192.168.0.13 (192.168.0.13) port 8080 (#0)
> GET /downloads/ HTTP/1.1
> Host: 192.168.0.13:8080
> User-Agent: curl/7.68.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.21.4
< Date: Sun, 28 Nov 2021 11:53:36 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< 
<html>
<head><title>Index of /downloads/</title></head>
<body>
<h1>Index of /downloads/</h1><hr><pre><a href="../">../</a>
<a href="text">text</a>                                               28-Nov-2021 10:51                   2
</pre><hr></body>
</html>
* Connection #0 to host 192.168.0.13 left intact
* Found bundle for host 192.168.0.13: 0x55e1cd185b50 [serially]
* Can not multiplex, even if we wanted to!
* Re-using existing connection! (#0) with host 192.168.0.13
* Connected to 192.168.0.13 (192.168.0.13) port 8080 (#0)
> GET /downloads/ HTTP/1.1
> Host: 192.168.0.13:8080
> User-Agent: curl/7.68.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.21.4
< Date: Sun, 28 Nov 2021 11:53:36 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< 
<html>
<head><title>Index of /downloads/</title></head>
<body>
<h1>Index of /downloads/</h1><hr><pre><a href="../">../</a>
<a href="text">text</a>                                               28-Nov-2021 10:51                   2
</pre><hr></body>
</html>
* Connection #0 to host 192.168.0.13 left intact

Nginx log:

192.168.0.3 - - [28/Nov/2021:11:53:36 +0000] "GET /downloads/ HTTP/1.1" 200 276 "-" "curl/7.68.0" "-"
192.168.0.3 - - [28/Nov/2021:11:53:36 +0000] "GET /downloads/ HTTP/1.1" 200 276 "-" "curl/7.68.0" "-"

I tried the same with telnet and got the same result: I'm able to access the server multiple times from the same IP.
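
Added example, not part of the original post and not nginx's own code: a simplified model of how limit_conn counts requests that are in flight at the same moment for one key. It shows why two requests sent one after the other on a reused connection, as in the curl trace above, both return 200 with a limit of 1. The timelines, the second client IP (192.168.0.4) and the function name are constructed for illustration.

```python
from collections import defaultdict

LIMIT_CONN_STATUS = 503  # nginx default value of limit_conn_status


def apply_limit_conn(requests, limit=1):
    """Model of `limit_conn <zone> <limit>` keyed on the client address.

    requests: list of (client_ip, start, end) tuples, times in seconds.
    Returns the status code each request would get, in input order.
    A request counts against the limit only while it is being processed.
    """
    order = sorted(range(len(requests)), key=lambda i: requests[i][1])
    in_flight = defaultdict(list)  # client_ip -> end times of accepted requests
    statuses = [None] * len(requests)
    for i in order:
        client_ip, start, end = requests[i]
        # Forget requests that had already finished when this one arrived.
        in_flight[client_ip] = [e for e in in_flight[client_ip] if e > start]
        if len(in_flight[client_ip]) >= limit:
            # Rejected at once, so it never occupies a slot itself.
            statuses[i] = LIMIT_CONN_STATUS
        else:
            in_flight[client_ip].append(end)
            statuses[i] = 200
    return statuses


# Constructed timeline matching the curl trace: one reused connection,
# second request sent only after the first response was complete.
SERIAL = [
    ("192.168.0.3", 0.000, 0.002),
    ("192.168.0.3", 0.002, 0.004),
]

# Constructed timeline with slow, overlapping responses (e.g. large files).
OVERLAPPING = [
    ("192.168.0.3", 0.0, 5.0),  # accepted, still being sent at t=1 and t=2
    ("192.168.0.3", 1.0, 6.0),  # overlaps the first request -> rejected
    ("192.168.0.3", 2.0, 7.0),  # overlaps the first request -> rejected
    ("192.168.0.4", 2.5, 7.5),  # different key, has its own counter
    ("192.168.0.3", 5.5, 9.0),  # first request finished at t=5 -> accepted
]

if __name__ == "__main__":
    print("serial:     ", apply_limit_conn(SERIAL))
    print("overlapping:", apply_limit_conn(OVERLAPPING))
```

To see a 503 from the real server, the requests have to overlap in time, for example two simultaneous downloads of a file large enough that the first response is still being sent when the second request arrives.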
