limit_req seems to have no effect, but I would prefer it did

zildjohn01 nginx-forum at nginx.us
Tue Oct 9 09:20:00 UTC 2012 

I'm attempting to rate limit requests, and I'm unable to make the limit_req
directive have any effect. I've trimmed it down to a minimal test case.
Here's my complete nginx.conf (with only the server_name changed to protect
the innocent):

----------------------------------------------------------------------
worker_processes  2;

events {
	worker_connections  8192;
}

http {
	#keepalive_timeout      0s;
	#keepalive_requests     0;
	#limit_conn_zone  $binary_remote_addr  zone=conn_res:10m;
	#limit_conn       conn_res  1;
	limit_req_zone   $binary_remote_addr  zone=req_res:10m  rate=1r/s;
	limit_req        zone=req_res;

	server {
		listen       80;
		server_name  example.com  *.example.com;
		location / {
			return  410;
		}
	}
}
----------------------------------------------------------------------

I've tried various combinations of burst=2, nodelay, 1r/s or 1r/m, with and
without limit_conn, with and without keepalive, with and without "location
/", etc... and requests are never being limited, as shown by the access.log
entries below:

----------------------------------------------------------------------
while true; do
	curl 55.55.55.55 -H'Host: test.example.com'
done

12.34.56.78 - - [09/Oct/2012:08:47:03 +0000] "GET / HTTP/1.1" 410 158 "-"
"curl/7.21.1 (i686-pc-mingw32) libcurl/7.21.1 OpenSSL/0.9.8r zlib/1.2.3"
12.34.56.78 - - [09/Oct/2012:08:47:03 +0000] "GET / HTTP/1.1" 410 158 "-"
"curl/7.21.1 (i686-pc-mingw32) libcurl/7.21.1 OpenSSL/0.9.8r zlib/1.2.3"
12.34.56.78 - - [09/Oct/2012:08:47:03 +0000] "GET / HTTP/1.1" 410 158 "-"
"curl/7.21.1 (i686-pc-mingw32) libcurl/7.21.1 OpenSSL/0.9.8r zlib/1.2.3"
12.34.56.78 - - [09/Oct/2012:08:47:04 +0000] "GET / HTTP/1.1" 410 158 "-"
"curl/7.21.1 (i686-pc-mingw32) libcurl/7.21.1 OpenSSL/0.9.8r zlib/1.2.3"
etc...
----------------------------------------------------------------------

The error.log file is empty. I'm running nginx 1.3.7, compiled from source,
on an Amazon EC2 micro instance with the default image. (For kicks, I also
tried 1.0.15, with no luck.) Here is /proc/version:

Linux version 3.2.21-1.32.6.amzn1.x86_64 (mockbuild at gobi-build-31004) (gcc
version 4.4.6 20110731 (Red Hat 4.4.6-3) (GCC) ) #1 SMP Sat Jun 23 02:32:15
UTC 2012

Am I missing something obvious here?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,231530,231530#msg-231530

More information about the nginx mailing list