limiting requests in a given timeframe

Igor Sysoev is at
Sat Oct 20 12:42:42 MSD 2007

On Fri, Oct 19, 2007 at 10:07:41PM +0200, Thomas Seifert wrote:

> nginx seems to be a great product and I'd like to use it as a kind of
> proxy/load-balancer in front of a couple of fastcgi-backends.
> But I need to limit the number of requests by one IP in a given
> timeframe to my dynamic pages to avoid hammering the server
> from some malicious users.
> Therefore I'm wondering if there are any plans to make such a
> functionality in nginx available?
> Currently I only know of mod_evasive for apache which does something
> like that but couldn't find anything else.
> I'm not talking about number of concurrent requests from one IP but the
> number of requests in a given timeframe, e.g.
> limit the number of requests to 10 in 15 seconds or something like that
> and if that number is reached, block the user for
> a given timespan (e.g. 30 minutes) and redirect to some predefined
> static page or return an error-code.

No, nginx currently does not support this, but it will be my next main task,
just after I will have complete current main task - async resolver and
variable support in proxy_pass.

Igor Sysoev

More information about the nginx mailing list