Skip to content

Update/Questionable control 7 #31

New issue
New issue
Open
Open
Update/Questionable control 7#31
@hordijk

Description

@hordijk
hordijk
opened on Nov 15, 2018

Control 7 (Control simultaneous connections) expects a limit_conn with a value of 5.

nginx-baseline/controls/nginx_spec.rb

Lines 184 to 194 in b54b03c

control 'nginx-07' do
impact 1.0
title 'Control simultaneous connections'
desc 'NginxHttpLimitZone module to limit the number of simultaneous connections for the assigned session or as a special case, from one IP address.'
describe parse_config(nginx_parsed_config, options) do
its('limit_conn_zone') { should eq '$binary_remote_addr zone=default:10m' }
end
describe parse_config(nginx_parsed_config, options) do
its('limit_conn') { should eq 'default 5' }
end
end

Modern web browsers supports 6 (or more) connections per hostname, see the table on https://developer.pushtechnology.com/cloud/latest/manual/html/designguide/solution/support/connection_limitations.html#connection_limitations__conn_ie and the overview on http://www.browserscope.org/?category=network&v=top.

I'm wondering on what basis 5 was chosen?

With modern browsers the the limit of 5 is exceeded with ease. The server will return an error in reply to a request (which might result in a broken site).

With the limit_conn_zone $binary_remote_addr zone=default:10m; the errors might occur more frequently given the use of proxy-servers.

Can you elaborate whether the value of 5 is still the correct value taken into account modern browsers and the use of proxy-servers.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions