Understanding HttpLimitReqModule

Adrian von Stechow adrian at stechow.org
Fri Feb 25 13:04:34 MSK 2011


Hi all:

I'm trying to understand the HttpLimitReqModule; the wiki is a bit
terse about the terminology.
I'm trying to mimic Apache's mod_evasive module. Specifically, there is
an annoying user that likes to request the same image once every
second for hours at a time. I would like to log this and then use
fail2ban to block the IP for a specific time. The problem is that the
image in question is a legitimate request that shows up on every page
of the site in question. What I had in mind:

limit_req_zone  $binary_remote_addr  zone=one:1m   rate=50r/m;
#offending user: 60r/m

    server {
        location = /path/to/image.jpg {
            limit_req   zone=one  burst=???;
            limit_req_log_level error;
        }
    }

The problem is the low rate with which the offending requests are
made. mod_evasive lets you set up a timespan in which a specific
number of requests are made, while nginx checks "online" if a second
request is made after 1/rate. In my case (1 offending request per
second), legitimate users would be blocked if they load 2 pages in one
second, which of course happens frequently.

Any suggestions?

Thanks,
Adrian
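To make the rate/burst interaction concrete, here is an added simulation (not part of the original post, and not nginx's own code) of the leaky-bucket decision that limit_req makes: each request adds one unit, the bucket drains at the configured rate, and a request is rejected when the excess exceeds burst. It replays two constructed traffic patterns, a legitimate visitor whose two page loads fetch the image 0.5 s apart and a client requesting it once per second, against rate=50r/m with burst=0 and with an assumed burst=5. The IP addresses are RFC 5737 documentation addresses chosen for the example; the delay that nginx applies to excess requests when nodelay is not set is ignored, since it does not change which requests are accepted.

```python
"""Simplified model of the nginx limit_req leaky bucket.

Added illustration, not nginx source: it reproduces the accept/reject
decision of ngx_http_limit_req_module using integer thousandths of a
request, the way the module keeps its counters.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class LimitReqZone:
    rate_per_minute: int                       # "rate=50r/m" -> 50
    burst: int = 0                             # "burst=N"; 0 means no tolerance
    # per-key state: (excess in thousandths of a request, time of last accepted request in ms)
    state: Dict[str, Tuple[int, int]] = field(default_factory=dict)

    def _rate_milli(self) -> int:
        # thousandths of a request per second; 50r/m -> 833
        return self.rate_per_minute * 1000 // 60

    def check(self, key: str, now_ms: int) -> bool:
        """Return True if the request is accepted, False if it would be rejected (503)."""
        if key not in self.state:
            # first request for this key opens the bucket with no excess
            self.state[key] = (0, now_ms)
            return True
        excess, last = self.state[key]
        drained = self._rate_milli() * (now_ms - last) // 1000
        excess = excess - drained + 1000       # one new request = 1000 thousandths
        if excess < 0:
            excess = 0
        if excess > self.burst * 1000:
            return False                       # rejected; bucket state is not advanced
        self.state[key] = (excess, now_ms)
        return True


def replay(zone: LimitReqZone, key: str, times_ms: List[int]) -> Tuple[int, int]:
    """Feed a request timeline through the zone; return (accepted, rejected)."""
    accepted = rejected = 0
    for t in times_ms:
        if zone.check(key, t):
            accepted += 1
        else:
            rejected += 1
    return accepted, rejected


# Constructed traffic for the example.
LEGIT_TWO_PAGES_MS = [0, 500]                   # image fetched by two page loads 0.5 s apart
OFFENDER_MS = [i * 1000 for i in range(120)]    # one request per second for two minutes


def compare(burst: int) -> Dict[str, Tuple[int, int]]:
    """Run both clients against rate=50r/m with the given burst (keys are independent)."""
    zone = LimitReqZone(rate_per_minute=50, burst=burst)
    return {
        "legit": replay(zone, "203.0.113.5", LEGIT_TWO_PAGES_MS),      # documentation address
        "offender": replay(zone, "198.51.100.7", OFFENDER_MS),          # documentation address
    }


if __name__ == "__main__":
    for b in (0, 5):
        print(f"burst={b}: {compare(b)}")
```

With burst=0 the second legitimate request (0.5 s after the first, less than 1/rate = 1.2 s) is rejected, which is exactly the problem described above, while the once-per-second client is only rejected every other request. With burst=5 the legitimate pair passes untouched and the once-per-second client is rejected about one request in six once the burst is used up, so those rejections (logged at the configured limit_req_log_level) are what a tool like fail2ban can count.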



More information about the nginx mailing list