ngx_dynamic_limit_req_module 用于动态锁定 ip 和释放、动态限流,对于防止恶意刷接口效果理想。
配置模板:
worker_processes 2; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; dynamic_limit_req_zone $binary_remote_addr zone=one:10m rate=100r/s redis=127.0.0.1 block_second=300; dynamic_limit_req_zone $binary_remote_addr zone=two:10m rate=50r/s redis=127.0.0.1 block_second=600; server { listen 80; server_name localhost; location / { root html; index index.html index.htm; dynamic_limit_req zone=one burst=80 nodelay; dynamic_limit_req_status 403; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } server { listen 80; server_name localhost2; location / { root html; index index.html index.htm; dynamic_limit_req zone=two burst=50 nodelay; dynamic_limit_req_status 403; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } }
支持黑白名单
白名单规则
redis-cli set whiteip ip
黑名单规则
redis-cli set ip ip