HTTP status 429 instead of 503 on throttled requests
mdounin at mdounin.ru
Wed Feb 17 19:26:49 UTC 2021
On Wed, Feb 17, 2021 at 06:56:36PM +0000, Kaisersberger, Klaus wrote:
> Hi there
> nginx responds with 503 for requests discarded due to throttling (https://www.nginx.com/blog/rate-limiting-nginx/).
> This seems to contradict https://tools.ietf.org/rfc/rfc6585.txt, that recommends 429 (Too Many Requests) instead.
> Should nginx be adjusted?
There are no such plans, in particular, because it is generally a
bad idea to report to an attacker that the attack was detected and
If you think that in your particular case returning 429 is a good
idea, you can adjust your configuration by using the
limit_req_status directive (http://nginx.org/r/limit_req_status).
More information about the nginx-devel