limit_zone: Using other variables than $binary_remote_addr

Steffen Weber nginx at
Wed Jan 14 13:33:03 MSK 2009

I want to restrict the number of connections people can have to our 
download server. Limiting the concurrent connections by ip address is 
not very useful, because if I only allow 1 connection per ip address 
then a user cannot download multiple files at once. And if I allow n > 1 
connections per IP address, then some download managers will create 
multiple connections and other users complain about fairness.

Currently one can use the limit_zone module to restrict the number of 
concurrent connections per ip address. An interesting use case would be 
to use some token in the URL (for example a GET parameter or a part of 
the requested path) instead of the ip address as the limit_zone 
$variable mentioned in the wiki:

For example if I hand out the URL{SOME_MD5_SUM} to a client I do not 
want to allow more than one concurrent connection that uses the given 
token. Is this currently possible in nginx? If yes, then which $variable 
do I have to use in the limit_zone directive?

Of course, I would have to verify that the token is one that I have 
given to the client and that it has not been constructed arbitrarily. 
But this can be easily solved with a little PHP and the excellent 
"X-Accel-Redirect" header that nginx supports.

Kind regards
Steffen Weber

More information about the nginx mailing list