How to Limit Concurrent Connections per IP in Nginx to Prevent CC Attacks
This guide shows how to configure Nginx's limit_conn directives to restrict the number of simultaneous requests from a single IP, test the settings with ApacheBench, and verify that the limits effectively block excess traffic, helping mitigate CC attacks.
Configuration
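To limit the number of concurrent requests from the same IP, add the following directive to your Nginx configuration:

    limit_conn addr 2;

This limits each IP address to a maximum of 2 concurrent connections; adjust the number as needed. The zone addr that the directive refers to must be defined with limit_conn_zone, which is described under Configuration Explanation.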
Test
Create a test script a.php and use the ab tool from another server to generate concurrent requests:

    # ab -c 5 -t 10 http://192.2.4.31/a.php

Because the test uses 5 concurrent connections, which exceeds the limit of 2, the Nginx access log shows many responses with status 503.
Increase the limit:

    limit_conn addr 10;

Rerun the ab test; all responses now return 200, confirming the configuration works.
Configuration Explanation
The two key directives are:
limit_conn_zone: defines a shared memory zone to store connection state, e.g.

    limit_conn_zone $binary_remote_addr zone=addr:10m;

where the client IP is the key and the zone named addr has 10 MB of storage.
limit_conn: applies the limit to a zone, e.g.

    limit_conn addr 2;

which allows at most 2 concurrent connections per IP; excess connections receive a 503 response.
Using these directives you can effectively restrict IP concurrency and mitigate CC attacks.
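The two directives placed in their required contexts, as an added example that is not part of the original article: limit_conn_zone is only valid in the http block, while limit_conn can sit in http, server or location. The server name, log path, log format name and the proxy address in the commented-out lines are assumptions for illustration.

```nginx
# Added example (not from the original article). Goes into nginx.conf.
http {
    # Shared zone "addr", keyed on the client address, 10 MB as in the article.
    # $binary_remote_addr is 4 bytes for IPv4 and 16 bytes for IPv6, so it
    # uses less zone memory per entry than the textual $remote_addr.
    # When the zone is exhausted, nginx returns the error status to all
    # further requests, so size it for the number of distinct clients.
    limit_conn_zone $binary_remote_addr zone=addr:10m;

    # Status returned to rejected requests; 503 is the default and is what
    # the ab test in the article observes.
    limit_conn_status 503;

    # Severity used in the error log for rejected connections (default: error).
    limit_conn_log_level warn;

    # Record the limiter decision next to the HTTP status. The variable
    # $limit_conn_status (nginx 1.17.6+) is PASSED, REJECTED or
    # REJECTED_DRY_RUN. Format name and log path are assumptions.
    log_format limited '$remote_addr [$time_local] "$request" '
                       '$status $limit_conn_status';
    access_log /var/log/nginx/access.log limited;

    # If nginx sits behind a reverse proxy or CDN, every request arrives
    # from the proxy's address and all clients would share one counter.
    # Restore the client address first with ngx_http_realip_module
    # (192.0.2.10 is a placeholder for the trusted proxy):
    # set_real_ip_from 192.0.2.10;
    # real_ip_header   X-Forwarded-For;

    server {
        listen 80;
        server_name example.test;   # assumed name

        location / {
            # At most 2 concurrent connections per client address.
            # A connection is counted only while a request is being
            # processed and its header has been read in full; with HTTP/2
            # each concurrent request counts as a separate connection.
            limit_conn addr 2;

            # nginx 1.17.6+: count and log without rejecting, useful for
            # choosing a limit before enforcing it.
            # limit_conn_dry_run on;
        }
    }
}
```

Check the syntax with nginx -t and reload before rerunning the ab test; the access log then shows REJECTED next to each 503 produced by the limiter.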
