nginx limit 开关

目录

当我们在 nginx 配置了 limit_req 后,我们不希望默认是启用的,希望能够提供一个这个功能的开关

不成功的配置

#  set -> map -> limit -> access -> proxy_cache 指令执行顺序
# 这个配置没有成功,开始没有搞清楚指令的执行顺序
lua_shared_dict is_limit 1m;
map $limited $limit {
        0 $binary_remote_addr;
        1 "";
}

limit_req_zone  $limit  zone=one_1:200m   rate=1r/s;

sserver
                {
                listen                   80;
                server_name v5b7.com;

        set $r 1;
        set $limited 1;
        access_by_lua '
               local is_limit  = ngx.shared.is_limit
               local l = is_limit:get("is_limit")
               if l  == nil then
                  ngx.var.limited = 1                                                                                                                                        
               else                                                                                                                                                          
                  ngx.var.limited = 0                                                                                                                                        
               end                                                                                                                                                           
            ';

# 开启 limit_req 限制
       location /path/open_limit {
        access_by_lua '
               local is_limit  = ngx.shared.is_limit
                is_limit:set("is_limit", 0)
               ngx.header.content_type = "text/html"
               ngx.say("limit is open")
             ';
       allow 192.168.0.0/16;
       allow 10.0.0.0/8;
       allow 172.0.0.0/8;
       allow 127.0.0.1/32;
       deny all;
      }

# 关闭 limit_rep 限制
      location /path/close_limit {
        access_by_lua '
               local is_limit  = ngx.shared.is_limit
                is_limit:set("is_limit", nil)
               ngx.header.content_type = "text/html"
               ngx.say("limit is closed")
             ';
       allow 192.168.0.0/16;
       allow 10.0.0.0/8;
       allow 172.0.0.0/8;
       allow 127.0.0.1/32;
       deny all;
      }

# 检查 limit_req 限制
      location /path/is_limited {
        content_by_lua '
               local is_limit  = ngx.shared.is_limit
               local limit = is_limit:get("is_limit")
               ngx.header.content_type = "text/html"
               ngx.say(limit)
                ';
       allow 192.168.0.0/16;
       allow 10.0.0.0/8;
       allow 172.0.0.0/8;
       allow 127.0.0.1/32;
       deny all;
      }
}


成功的配置

# 这个配置可以实现我们预期的功能

lua_shared_dict is_limit 1m;
map $limited $limit {
        0 $binary_remote_addr;
        1 "";
}

limit_req_zone  $limit  zone=one_1:200m   rate=1r/s;

sserver
                {
                listen                   80;
                server_name v5b7.com;

        set_by_lua $limited '                                                                                                                                                  
               local is_limit  = ngx.shared.is_limit
               local l = is_limit:get("is_limit")
               if l  == nil then
                 return   1
               else
                  return  0
               end
        ';


       location /path/open_limit {
        access_by_lua '
               local is_limit  = ngx.shared.is_limit
                is_limit:set("is_limit", 0)
               ngx.header.content_type = "text/html"
               ngx.say("limit is open")
             ';
       allow 192.168.0.0/16;
       allow 10.0.0.0/8;
       allow 172.0.0.0/8;
       allow 127.0.0.1/32;
       deny all;
      }

      location /path/close_limit {
        access_by_lua '
               local is_limit  = ngx.shared.is_limit
                is_limit:set("is_limit", nil)
               ngx.header.content_type = "text/html"
               ngx.say("limit is closed")
             ';
       allow 192.168.0.0/16;
       allow 10.0.0.0/8;
       allow 172.0.0.0/8;
       allow 127.0.0.1/32;
       deny all;
      }

      location /path/is_limited {
        content_by_lua '
               local is_limit  = ngx.shared.is_limit
               local limit = is_limit:get("is_limit")
               ngx.header.content_type = "text/html"
               ngx.say(limit)
                ';
       allow 192.168.0.0/16;
       allow 10.0.0.0/8;
       allow 172.0.0.0/8;
       allow 127.0.0.1/32;
       deny all;
      }
}

目录