Openresty 根据 IP 限流

 6个月前     2  



http {
lua_shared_dict my_limit_req_store 100m;

server {
location / {
access_by_lua_block {

local limit_req = require "resty.limit.req"

-- limit the requests under 200 req/sec with a burst of 100 req/sec,
-- that is, we delay requests under 300 req/sec and above 200
-- req/sec, and reject any requests exceeding 300 req/sec.
-- 200req/sec 以下不限流,300req/sec 拒绝,200~300req/sec 延迟

local lim, err ="my_limit_req_store", 200, 100)
if not lim then
"failed to instantiate a resty.limit.req object: ", err)
return ngx.exit(500)

-- the following call must be per-request.
-- here we use the remote (IP) address as the limiting key
-- 限制条件为 ip
local key = ngx.var.binary_remote_addr
-- 300 以上,err 为 rejected,200~300 err 为超过 200 的额外请求数,delay 为延迟时间
local delay, err = lim:incoming(key, true)
if not delay then
if err == "rejected" then
return ngx.exit(503)
ngx.log(ngx.ERR, "failed to limit req: ", err)
return ngx.exit(500)

if delay >= 0.001 then
-- the 2nd return value holds the number of excess requests
-- per second for the specified key. for example, number 31
-- means the current request rate is at 231 req/sec for the
-- specified key.
local excess = err

-- the request exceeding the 200 req/sec but below 300 req/sec,
-- so we intentionally delay it here a bit to conform to the
-- 200 req/sec rate.

# content handler goes here. if it is content_by_lua, then you can
# merge the Lua code above in access_by_lua into your content_by_lua's
# Lua handler to save a little bit of CPU time.