#1133 closed defect (fixed)
ngx_http_limit_req_module . When zone storage is exhausted, all the request woud not be limited.
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | documentation | Version: | 1.10.x |
| Keywords: | limit_req_zone | Cc: | |
| uname -a: | |||
| nginx -V: |
nginx version: nginx/1.10.2
built by cl 16.00.30319.01 for 80x86 built with OpenSSL 1.0.2j 26 Sep 2016 TLS SNI support enabled configure arguments: --with-cc=cl --builddir=objs.msvc8 --with-debug --prefix= --c onf-path=conf/nginx.conf --pid-path=logs/nginx.pid --http-log-path=logs/access.log --error-log-path=logs/error.log --sbin-path=nginx.exe --http-client-body-temp-pat h=temp/client_body_temp --http-proxy-temp-path=temp/proxy_temp --http-fastcgi-temp -path=temp/fastcgi_temp --http-scgi-temp-path=temp/scgi_temp --http-uwsgi-temp-pat h=temp/uwsgi_temp --with-cc-opt=-DFD_SETSIZE=1024 --with-pcre=objs.msvc8/lib/pcre- 8.39 --with-zlib=objs.msvc8/lib/zlib-1.2.8 --with-select_module --with-http_realip _module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_stub_status_module --with-http_flv_module --with-http_mp4_module --wit h-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_modul e --with-http_random_index_module --with-http_secure_link_module --with-http_slice _module --with-mail --with-stream --with-openssl=objs.msvc8/lib/openssl-1.0.2j --w ith-openssl-opt=no-asm --with-http_ssl_module --with-mail_ssl_module --with-stream _ssl_module --with-ipv6 |
||
Description
Hi,I want to validated 'If the zone storage is exhausted, the server will return the 503 (Service Temporarily Unavailable) error to all further requests.'
which is described in http://nginx.org/en/docs/http/ngx_http_limit_req_module.html.
By failed! And the appearance show when zone storage is exhausted, all the request woud not be limited. Which may be a bug.
In order to prove that, I set my nginx.conf like :
http{
log_format main '$remote_addr - [$time_local] [$msec] $status $http_x_forwarded_for ';
limit_req_zone $http_x_forwarded_for zone=limitByIP:'''50k''' rate='''1r/m''';
...
server{
...
limit_req zone=limitByIP ;
...
}
}
In my config the key is $http_x_forwarded_for.
The rate is one request per min.
The shared memory zone is 50k.
My testing and results :
【Test1】Ip count:9 result:all request pase.
10.18.20.74 - [18/Nov/2016:15:32:09 +0800] [1479454329.720] 200 10.0.0.2
10.18.20.74 - [18/Nov/2016:15:32:09 +0800] [1479454329.736] 200 10.0.0.3
10.18.20.74 - [18/Nov/2016:15:32:09 +0800] [1479454329.736] 200 10.0.0.4
10.18.20.74 - [18/Nov/2016:15:32:09 +0800] [1479454329.736] 200 10.0.0.5
10.18.20.74 - [18/Nov/2016:15:32:09 +0800] [1479454329.736] 200 10.0.0.6
10.18.20.74 - [18/Nov/2016:15:32:09 +0800] [1479454329.736] 200 10.0.0.7
10.18.20.74 - [18/Nov/2016:15:32:09 +0800] [1479454329.751] 200 10.0.0.8
10.18.20.74 - [18/Nov/2016:15:32:09 +0800] [1479454329.751] 200 10.0.0.9
10.18.20.74 - [18/Nov/2016:15:32:09 +0800] [1479454329.767] 200 10.0.0.10
【Test2】Ip count:9 result:due to the rate is 1r/m all the reques is limited,and return 503.
10.18.20.74 - [18/Nov/2016:15:32:10 +0800] [1479454330.360] 503 10.0.0.2
10.18.20.74 - [18/Nov/2016:15:32:10 +0800] [1479454330.360] 503 10.0.0.3
10.18.20.74 - [18/Nov/2016:15:32:10 +0800] [1479454330.375] 503 10.0.0.4
10.18.20.74 - [18/Nov/2016:15:32:10 +0800] [1479454330.391] 503 10.0.0.5
10.18.20.74 - [18/Nov/2016:15:32:10 +0800] [1479454330.407] 503 10.0.0.6
10.18.20.74 - [18/Nov/2016:15:32:10 +0800] [1479454330.407] 503 10.0.0.7
10.18.20.74 - [18/Nov/2016:15:32:10 +0800] [1479454330.438] 503 10.0.0.8
10.18.20.74 - [18/Nov/2016:15:32:10 +0800] [1479454330.438] 503 10.0.0.9
10.18.20.74 - [18/Nov/2016:15:32:10 +0800] [1479454330.453] 503 10.0.0.10
【Test3】Ip count:10 result:nomal ,I add one ip 10.0.0.11
10.18.20.74 - [18/Nov/2016:15:32:14 +0800] [1479454334.197] 503 10.0.0.2
10.18.20.74 - [18/Nov/2016:15:32:14 +0800] [1479454334.197] 503 10.0.0.3
10.18.20.74 - [18/Nov/2016:15:32:14 +0800] [1479454334.213] 503 10.0.0.4
10.18.20.74 - [18/Nov/2016:15:32:14 +0800] [1479454334.229] 503 10.0.0.5
10.18.20.74 - [18/Nov/2016:15:32:14 +0800] [1479454334.229] 503 10.0.0.6
10.18.20.74 - [18/Nov/2016:15:32:14 +0800] [1479454334.260] 503 10.0.0.7
10.18.20.74 - [18/Nov/2016:15:32:14 +0800] [1479454334.260] 503 10.0.0.8
10.18.20.74 - [18/Nov/2016:15:32:14 +0800] [1479454334.275] 503 10.0.0.9
10.18.20.74 - [18/Nov/2016:15:32:14 +0800] [1479454334.291] 503 10.0.0.10
10.18.20.74 - [18/Nov/2016:15:32:14 +0800] [1479454334.291] 200 10.0.0.11
【Test4】Ip count:10 result:all the request is pass.that make me confused.
10.18.20.74 - [18/Nov/2016:15:32:15 +0800] [1479454335.991] 200 10.0.0.2
10.18.20.74 - [18/Nov/2016:15:32:16 +0800] [1479454336.007] 200 10.0.0.3
10.18.20.74 - [18/Nov/2016:15:32:16 +0800] [1479454336.007] 200 10.0.0.4
10.18.20.74 - [18/Nov/2016:15:32:16 +0800] [1479454336.007] 200 10.0.0.5
10.18.20.74 - [18/Nov/2016:15:32:16 +0800] [1479454336.007] 200 10.0.0.6
10.18.20.74 - [18/Nov/2016:15:32:16 +0800] [1479454336.007] 200 10.0.0.7
10.18.20.74 - [18/Nov/2016:15:32:16 +0800] [1479454336.007] 200 10.0.0.8
10.18.20.74 - [18/Nov/2016:15:32:16 +0800] [1479454336.023] 200 10.0.0.9
10.18.20.74 - [18/Nov/2016:15:32:16 +0800] [1479454336.023] 200 10.0.0.10
10.18.20.74 - [18/Nov/2016:15:32:16 +0800] [1479454336.023] 200 10.0.0.11
【Test5】Ip count:9 result:the previous key-states seems to be removed.
10.18.20.74 - [18/Nov/2016:15:32:39 +0800] [1479454359.360] 200 10.0.0.2
10.18.20.74 - [18/Nov/2016:15:32:39 +0800] [1479454359.360] 200 10.0.0.3
10.18.20.74 - [18/Nov/2016:15:32:39 +0800] [1479454359.360] 200 10.0.0.4
10.18.20.74 - [18/Nov/2016:15:32:39 +0800] [1479454359.360] 200 10.0.0.5
10.18.20.74 - [18/Nov/2016:15:32:39 +0800] [1479454359.376] 200 10.0.0.6
10.18.20.74 - [18/Nov/2016:15:32:39 +0800] [1479454359.376] 200 10.0.0.7
10.18.20.74 - [18/Nov/2016:15:32:39 +0800] [1479454359.376] 200 10.0.0.8
10.18.20.74 - [18/Nov/2016:15:32:39 +0800] [1479454359.376] 200 10.0.0.9
10.18.20.74 - [18/Nov/2016:15:32:39 +0800] [1479454359.407] 200 10.0.0.10
thank you for reading this report,looking forward to you reply.
sincerely!
fellowming@…
Change History (6)
comment:1 by , 7 years ago
follow-ups: 3 6 comment:2 by , 7 years ago
| Component: | nginx-module → documentation |
|---|
The behaviour is as expected: when a memory allocation from a shared zone fails, nginx will remove the oldest state from the zone. The 503 error is returned only if this is not enough to free enough space to store the new state. This approach allows to still work (in most cases) and limit fastest clients even when the shared zone is exhausted.
In your tests IP addresses are used in order and there are no clients which are faster than others, so oldest is always removed, leading to no limits at all. While this may be a bit surprising, this is not a bug. Documentation might need some more details on how things work.
(What is the bug is that in your case each state requires 4k of memory, and only 10 states can be saved in 50k zone. It should be able to save much more states. This is a windows-specific bug to be fixed. Earlier attempts to do so can be found in the mailing list here.)
comment:3 by , 7 years ago
Replying to mdounin:
Thank you for solving my doubts.The approach can be understood.
(BYW,When I do my tests on linux ,it can keep 320 states with the same config.)
comment:5 by , 7 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
comment:6 by , 7 years ago
Replying to mdounin:
(What is the bug is that in your case each state requires 4k of memory, and only 10 states can be saved in 50k zone. It should be able to save much more states. This is a windows-specific bug to be fixed. Earlier attempts to do so can be found in the mailing list here.)
This win32 specific bug has been fixed here.
The OS is windows server 2008 R2 64bit