My website needs to use limit_conn and limit_req to prevent DDoS attacks.
If loading a webpage requires requesting many resources, such as images, JS, and CSS, assume a total of 300 requests are initiated, and these requests are all based on the HTTP/2 protocol.
As far as I know, after establishing a connection using the HTTP/2 protocol, multiple requests can reuse the connection. According to this statement, these 300 requests only need to establish a connection once. But according to the official nginx documentation for ngx_http_limit_conn_module, "In HTTP/2 and HTTP/3, each concurrent request is considered a separate connection." Does this mean that these 300 requests will establish 300 connections with the nginx server?
Because of this confusion, I don't know what the value of limit_conn should be set to right now.
My configuration is like this:
    http {
        ...
        limit_conn_zone $binary_remote_addr zone=perip:10m;
        server {
            ...
            limit_conn perip 3;
            limit_conn_log_level error;
            ...
        }
        ...
    }

Then many images on this webpage couldn't be loaded, with a return code of 503.
Assuming the webpage I requested is like this:
    hello
    <img src="a.jpg">
    <img src="b.jpg">
    <img src="c.jpg">

I checked the Connection ID in Chrome; it shows that the browser has established 4 connections with the server:

So why can all four requests be accessed normally when I set the limit_conn to 3?
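
A simplified model of the counting that the quoted documentation sentence describes, added here as an illustration; it is not part of the original post and not nginx's own code. It assumes every in-flight request (each HTTP/2 stream included) holds one slot for its key from arrival until the response completes, and that a request arriving when the key already holds `limit` slots gets the default 503. The addresses and timings are constructed.

```python
import heapq

LIMIT_CONN_STATUS = 503  # nginx default for limit_conn_status


def simulate_limit_conn(requests, limit):
    """Model limit_conn for (key, arrival_ms, duration_ms) tuples.

    Assumption of this model: every in-flight request, including each
    HTTP/2 stream on a shared TCP connection, holds one slot for its key
    until its response completes. Returns statuses in input order.
    """
    in_flight = {}  # key -> min-heap of finish times of counted requests
    statuses = [None] * len(requests)
    # Process in arrival order; sorted() is stable, so ties keep input order.
    for i in sorted(range(len(requests)), key=lambda n: requests[n][1]):
        key, arrival, duration = requests[i]
        heap = in_flight.setdefault(key, [])
        while heap and heap[0] <= arrival:  # free slots of finished requests
            heapq.heappop(heap)
        if len(heap) >= limit:
            statuses[i] = LIMIT_CONN_STATUS  # rejected, never takes a slot
        else:
            heapq.heappush(heap, arrival + duration)
            statuses[i] = 200
    return statuses


# Constructed timings, one client key ($binary_remote_addr in the config).
# Page with three small images: the HTML finishes before the images start.
SMALL_PAGE = [("10.0.0.1", 0, 2), ("10.0.0.1", 5, 1),
              ("10.0.0.1", 5, 1), ("10.0.0.1", 5, 1)]
# 300 resources requested at once, each taking 20 ms to serve.
HEAVY_PAGE = [("10.0.0.1", 0, 20)] * 300


def count_rejected(requests, limit):
    """Number of requests the model answers with the rejection status."""
    return simulate_limit_conn(requests, limit).count(LIMIT_CONN_STATUS)


if __name__ == "__main__":
    print("small page, limit 3:", simulate_limit_conn(SMALL_PAGE, 3))
    print("heavy page, limit 3: rejected", count_rejected(HEAVY_PAGE, 3))
    print("heavy page, limit 300: rejected", count_rejected(HEAVY_PAGE, 300))
```

In this model the four-request page passes with a limit of 3 because no more than three of its requests are in flight at the same moment, while the 300-request burst keeps only three slots and the rest are rejected.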