How does Nginx limit IP access frequency in US cloud servers
Time : 2025-03-19 14:37:19
Edit : Jtti

A US cloud server that receives hundreds of login requests or API calls per second from the same IP can be brought down in minutes. Nginx sits at the traffic entry point, and its built-in protection mechanisms can cut off abnormal request traffic precisely and effectively. This article explains in detail how Nginx limits the access frequency of an IP address on a US cloud server.

The Nginx limit_req module uses the leaky bucket algorithm to control the rate at which requests reach the service layer. The following configuration limits a single IP address to a maximum of 10 requests per second, with a burst allowance of 5 requests.

nginx
http {
    limit_req_zone $binary_remote_addr zone=ip_limit:10m rate=10r/s;
    server {
        location /api/ {
            limit_req zone=ip_limit burst=5 nodelay;
            proxy_pass http://backend;
        }
    }
}

zone=ip_limit:10m: allocates 10 MB of shared memory to store per-IP state; about 160,000 IP addresses can be tracked.

rate=10r/s: the limit of 10 requests per second is enforced at millisecond granularity, i.e. one request is admitted every 100 ms.

burst=5: allows up to 5 requests beyond the rate; the excess requests are queued rather than rejected outright.

nodelay: queued burst requests are processed immediately instead of being spaced out, so the client does not wait a long time.
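To make the leaky-bucket accounting behind these four parameters concrete, here is an added simulation (not code from the original article or from Nginx) that mirrors the arithmetic of ngx_http_limit_req_module: excess is tracked in thousandths of a request, drains at the configured rate, and a request is rejected once excess would exceed burst. The request timestamps are constructed; the status values 503 and 429 are Nginx's default rejection code and the one set by limit_req_status.

```python
"""Replay of nginx limit_req accounting (leaky bucket) for one client key.

Added example, not code from the original article or from nginx itself; it
mirrors the arithmetic of ngx_http_limit_req_module, where `excess` is kept in
thousandths of a request and drains at the configured rate.
"""


class LimitReq:
    def __init__(self, rate_rps, burst=0, nodelay=False, status=503):
        self.rate = rate_rps * 1000     # nginx stores r/s scaled by 1000
        self.burst = burst * 1000       # burst in the same units as excess
        self.nodelay = nodelay
        self.status = status            # 503 by default, 429 via limit_req_status
        self.excess = 0
        self.last_ms = None

    def request(self, now_ms):
        """Return (verdict, delay_ms, http_status) for a request at now_ms."""
        if self.last_ms is None:        # first request seen for this key
            self.last_ms = now_ms
            return ("ok", 0, 200)
        elapsed = max(now_ms - self.last_ms, 0)
        # Leak what drained since the last request, then count this request.
        excess = max(self.excess - self.rate * elapsed // 1000 + 1000, 0)
        if excess > self.burst:
            return ("reject", 0, self.status)   # bucket full; excess not recorded
        self.excess = excess
        if elapsed:
            self.last_ms = now_ms
        if self.nodelay or excess == 0:
            return ("ok", 0, 200)
        # Without nodelay an excess request is held until the bucket has drained.
        return ("delay", excess * 1000 // self.rate, 200)


def replay(times_ms, **cfg):
    """Feed request timestamps (ms) through one LimitReq and return the verdicts."""
    lim = LimitReq(**cfg)
    return [lim.request(t) for t in times_ms]


if __name__ == "__main__":
    # Constructed input: 15 requests in the same millisecond, then one more
    # 700 ms later, against the article's `rate=10r/s burst=5 [nodelay]`.
    times = [0] * 15 + [700]
    for nodelay in (True, False):
        verdicts = replay(times, rate_rps=10, burst=5, nodelay=nodelay, status=429)
        print("nodelay" if nodelay else "delayed", [v[:2] for v in verdicts])
```

With burst=5 the first request plus five burst requests are admitted and the remaining nine are rejected; without nodelay the five burst requests are instead delayed by 100, 200, ..., 500 ms, and 700 ms later the bucket has drained enough to admit a new request.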

Malicious crawlers usually hit specific dynamic interfaces at high frequency, while normal users mostly request static resources (images, CSS and so on). Differentiated rate limits protect the core business paths without penalising ordinary browsing:

nginx
map $uri $limit_bucket {
    ~^/api/    "dynamic";
    default    "static";
}
limit_req_zone $binary_remote_addr zone=dynamic_limit:10m rate=5r/s;
limit_req_zone $binary_remote_addr zone=static_limit:10m rate=50r/s;
server {
    location /api/ {
        limit_req zone=dynamic_limit burst=3;
        proxy_pass http://backend;
    }
    location / {
        limit_req zone=static_limit burst=20;
        root /var/www/html;
    }
}

This policy limits dynamic interfaces to 5 requests per second and static resources to 50 requests per second, which protects the critical services without affecting the user experience.

Trusted IP addresses such as CDN nodes and internal monitoring systems must be whitelisted so that they are not rate-limited by mistake.

nginx
geo $whitelist {
    default 0;
    192.168.1.0/24 1;   # intranet range
    203.0.113.50 1;     # CDN node
}
# Whitelisted clients get an empty key, and limit_req does not account requests with an empty key.
map $whitelist $limit_key {
    0 $binary_remote_addr;
    1 "";
}
limit_req_zone $limit_key zone=all_limit:10m rate=20r/s;
server {
    location / {
        limit_req zone=all_limit burst=10;
        # ... other configuration
    }
}

Whitelisted IP addresses are not subject to the rate-limiting rule, so critical services keep flowing. For persistent attacks from a single IP, dynamic blocking can be implemented with OpenResty's Lua extension:

nginx
http {
    lua_shared_dict ip_blacklist 10m;
    init_by_lua_block {
        local blacklist = ngx.shared.ip_blacklist
        blacklist:set("192.0.2.100", 1)   -- initial blacklist entry
    }
    server {
        -- runs for every request: reject clients that are on the blacklist
        access_by_lua_block {
            local client_ip = ngx.var.remote_addr
            local blacklist = ngx.shared.ip_blacklist
            if blacklist:get(client_ip) then
                ngx.exit(ngx.HTTP_FORBIDDEN)
            end
        }
        location /report {
            content_by_lua_block {
                local client_ip = ngx.var.remote_addr
                local blacklist = ngx.shared.ip_blacklist
                blacklist:set(client_ip, 1, 3600)   -- block for one hour (expiry in seconds)
                ngx.say("IP ", client_ip, " blacklisted")
            }
        }
    }
}

Blacklisted IP addresses are blocked automatically, and malicious IP addresses can be added dynamically by an operator or an external system through the /report interface. Note that, as written, /report blacklists the address of whoever calls it; to let an operator or external system report a third-party address, the handler has to take the address from a request parameter, and the location should be restricted (for example to the whitelist above) so that it cannot be abused.

Combined with a WAF or log-analysis tool, attacking IPs can be identified automatically and pushed to this interface. Attackers often get around basic defenses with proxy IP pools or slow, low-rate attacks, so several strategies need to be combined:

User-Agent filtering: block clients whose User-Agent identifies a scripting tool rather than a browser

nginx
# ~ is case-sensitive; use ~* to also match "Curl" or "Python-requests"
if ($http_user_agent ~ "wget|curl|python") {
    return 403;
}

CAPTCHA challenge: serve a verification-code page to IP addresses that have been rate-limited

nginx
# limit_req rejects with 503 by default, so route that status to the challenge page
error_page 503 @verify;
location @verify {
    default_type text/html;
    return 200 '<html>Please complete the verification code <iframe src="/captcha"></iframe></html>';
}

Log analysis and dynamic adjustment: use GoAccess to analyse the Nginx logs, identify abnormal request patterns, and adjust the rate-limit thresholds around peak business hours (for example, temporarily relaxing the limits during a promotion).
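As an added example of the log analysis step (not code from the original article or from GoAccess), the script below parses Nginx's default "combined" log format, counts requests per client IP per second on the dynamic paths, and returns the IPs that exceed a threshold together with how many of their responses limit_req already rejected. The log lines, IP addresses and the 10 r/s threshold are constructed to match the article's configuration.

```python
"""Flag client IPs whose per-second request rate on dynamic paths is too high.

Added example, not code from the original article. It parses nginx's default
"combined" log format, buckets requests per IP per second and returns the IPs
an operator would review or feed to a blocklist. All log lines are constructed.
"""
import re
from collections import Counter, defaultdict

COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def parse_line(line):
    m = COMBINED.match(line)            # None for lines that are not combined format
    return m.groupdict() if m else None


def find_offenders(lines, max_rps=10, path_prefix="/api/"):
    """Return {ip: (peak requests in one second, 429/503 responses)} for IPs over max_rps."""
    per_sec = defaultdict(Counter)      # ip -> Counter(timestamp -> requests)
    limited = Counter()                 # ip -> responses nginx already rejected
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(path_prefix):
            continue
        # Combined format has 1 s resolution, so the timestamp string is the bucket.
        per_sec[rec["ip"]][rec["time"]] += 1
        if rec["status"] in ("429", "503"):
            limited[rec["ip"]] += 1
    return {ip: (max(b.values()), limited[ip])
            for ip, b in per_sec.items() if max(b.values()) > max_rps}


def _line(ip, sec, path, status, ua="Mozilla/5.0"):
    return (f'{ip} - - [19/Mar/2025:14:37:{sec:02d} +0800] "POST {path} HTTP/1.1" '
            f'{status} 123 "-" "{ua}"')

# Constructed sample: a scripted client hammering /api/login inside one second
# (20 of its 30 hits already rejected by limit_req), one normal user, static hits.
SAMPLE = (
    [_line("198.51.100.7", 5, "/api/login", 200 if i < 10 else 429,
           "python-requests/2.31") for i in range(30)]
    + [_line("203.0.113.9", s, "/api/profile", 200) for s in (1, 2, 3)]
    + [_line("203.0.113.9", 1, "/static/app.css", 200) for _ in range(15)]
)

if __name__ == "__main__":
    print(find_offenders(SAMPLE))       # {'198.51.100.7': (30, 20)}
```

Run it against a real access log with open("/var/log/nginx/access.log") and the returned IPs are the candidates for the /report interface or a blacklist entry.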

After the configuration is complete, verify that the rules take effect.

Manual test: trigger the rate limit

for i in {1..15}; do curl -s -o /dev/null -w "%{http_code}\n" http://server/api/login; done

Observe that requests beyond the limit are rejected with 429 Too Many Requests (Nginx returns 503 by default; set limit_req_status 429; in the configuration to return 429).

Automated load test (check the success rate and the number of rejected requests):

ab -n 1000 -c 50 http://server/api/login

Monitoring indicators:

Nginx active connections (ngx_http_active_connections) and the number of rejections by the limiting module (ngx_http_limit_req_status).

In summary, fine-grained traffic control in Nginx builds an adaptive line of defense at the configuration level without relying on expensive security hardware.
