<div dir="ltr">On Sun, Mar 3, 2013 at 7:00 AM, <span dir="ltr"><<a href="mailto:nginx-devel-request@nginx.org" target="_blank">nginx-devel-request@nginx.org</a>></span> wrote:<br><div class="gmail_extra"><div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Message: 1<br>
Date: Sun, 3 Mar 2013 03:14:12 +0400<br>
From: Maxim Dounin <<a href="mailto:mdounin@mdounin.ru">mdounin@mdounin.ru</a>><br>
To: <a href="mailto:nginx-devel@nginx.org">nginx-devel@nginx.org</a><br>
Subject: Re: Patch proposal: allow alternatives to 503 status code in<br>
limit_req module<br>
Message-ID: <<a href="mailto:20130302231412.GD15378@mdounin.ru">20130302231412.GD15378@mdounin.ru</a>><br>
Content-Type: text/plain; charset=us-ascii<br>
<br>
Hello!<br>
<br>
On Fri, Mar 01, 2013 at 09:23:08PM -0500, Nick Marden wrote:<br>
<br>
> Hey there,<br>
><br>
> I've been doing some work using limit_req to prevent overzealous clients<br>
> from DOS'ing my site. Specifically, I wanted to use a different HTTP status<br>
> code such as 420 or 429 so that it would be straightforward to show a "hey<br>
> man, chill out" page rather than my generic 503 error page.<br>
><br>
> Attached is a patch that enables this option for the limit_req directive.<br>
> It still defaults to 503, but you can set it to any 4xx or 5xx value of<br>
> your choosing by specifying<br>
><br>
> limit_req zone=foo burst=10 status_code=420;<br>
><br>
> for example.<br>
<br>
I don't think this should be per-limit settings, for the following<br>
reasons in no particular order:<br>
<br>
- This makes things complicated in case of multiple limits used.<br>
Current concept is to pass a request if it satisfies all limits<br>
configured. If at least one limit reached - request is rejected<br>
(and nothing else happens). With such aproach limit check order<br>
isn't significant. Introducing per-limit status code will make<br>
check order significant.<br>
<br>
- There is no way to easily set default code server-wide.<br>
<br>
I think it should be separate directive to set status, something<br>
like<br>
<br>
limit_req_status 429;<br>
<br>
Additionally, there should be limit_conn counterpart,<br>
<br>
limit_conn_status 429;<br></blockquote><div><br></div><div style>I understand what you are saying and have made the corresponding changes to my patch (attached).</div><div style> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
> I hope I've sent this to the right place. Please let me know where else to<br>
> send it if I'm in the wrong place.<br>
<br>
It's the right place.<br></blockquote><div><br></div><div style>Thanks. Please let me know if there is anything else I can do to help get this patch onto trunk.</div><div style><br></div><div style>Cheers,</div></div>
<div><br></div>-- <br><div>Nick Marden</div><div><a href="mailto:nick@marden.org" target="_blank">nick@marden.org</a></div>
</div></div>