limit_req seems to have no effect, but I would prefer it did

Valentin V. Bartenev ne at
Thu Oct 11 09:31:42 UTC 2012

On Thursday 11 October 2012 05:17:19 zildjohn01 wrote:
> That definitely explains the behavior I was seeing. But to me, any way to
> bypass the rate limiter seems like a security hole.

Just "return  410;" is the much cheaper than the whole request limitation thing.
And it's a good reason to save the resources and don't do limitation at all in
this case.

The limit modules should be used to limit access to any resource consumption 
tasks, not trivial. Limiting for "return  410;" seems pointless to me.

> Is there any way to change the phase/order of these two directives,

No, there is no way.

> or to otherwise cause rewritten requests to be rate limited?

You can try some workaround like this:

  location / {
      try_files /410 @410;

  location @410 {
      return  410;

 wbr, Valentin V. Bartenev


More information about the nginx mailing list