Is there anything I can do to speed up the initial connection? It
seems like the first page of my site I hit is consistently slower to
respond than all subsequent requests. This is the case even when my
backend session is still valid and unexpired for that initial request.
Is 'multi_accept on;' a
> limit_req works with multiple connections, it is usually configured per IP
> using $binary_remote_addr. See
> http://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_zone
> - you can use variables to set the key to whatever you like.
>
> limit_req generally helps protect eg your ba
> I've been struggling with http response time slowdowns and
> corresponding spikes in my TCP Queuing graph in munin. I'm using
> nginx as a reverse proxy to apache which then hands off to my backend,
> and I think the proxy_read_timeout line in my nginx config is at least
> contributing to the is
Maxim,
After 29 hours error re-appeared jus tonce, which is much less than before
I see a correlation on my monit system at this exact time :
apache traffic had a peak, which equals to a big download peak
I'm now thinking to nginx tweaks i have not done yet
I now enlarge
from 64m to
client_max_
I had too many false positives with Naxsi and debugging is difficult. In any
event, using Naxsi doesn't eliminate the need to block bad referrals, so you
still need the map module.
I have passed tinfoilsecurity.com flogging, as well as one of the transversal
testers. So this is more than just
Pardon me, but this thread smells terribly of bikeshedding. Comparing ifs vs
maps is useless when what you're trying to accomplish should never be done
through an HTTP server config. It's security theater, and no, the low-hanging
fruit argument does not apply here. Use a proper waf like libmodse
Hi,
Is there a way we can set NGINX to redirect only if Caching node is UP
otherwise serve from origin server ? Here is more details about the
scenario :
We've two servers (Origin & Cache) & here is the request scenario:
- client (1.1.1.1) requests a file to origin server
- Origin checks if ip i
Possibly map uses a hashing scheme to do the matches, so it could be more
efficient than a series of ifs. That is something the programmers would know.
Every situation is different. I don't find the maps I use to be detrimental,
especially if you are preventing further operations by the nginx.
I understand that the map may look cleaner on the config as each vhost
don't need the if matchings ..but the variable evaluation and
therefore the pattern matching for all possible values is still
happening when the mapped variable in encountered? and therefore there
is still a huge performance pe
I suspect the map module can do that more efficiently. There is an example of
how to use the map module in this post:
http://ask.xmodulo.com/block-specific-user-agents-nginx-web-server.html
The code is certainly cleaner using map. I use three maps, specifically for
bad user agent, bad request
Hi,
I was following some suggestions on blocking user agents,sql
injections etc as in the following URL
https://www.howtoforge.com/nginx-how-to-block-exploits-sql-injections-file-injections-spam-user-agents-etc
Just wanted to know what is the performance hit when using so many of
these if's ( in
11 matches
Mail list logo
