some sort of attack?

Jonathan Matthews contact at
Sat Mar 16 10:06:17 UTC 2013

On 16 March 2013 09:34, Praveen Yarlagadda <praveen.yarlagadda at> wrote:
> Hi,
> I installed nginx on an EC2 instance. After few hours, I started getting
> repeated requests from a set of servers. I tried using limit_req with the
> following options:
> limit_req_zone $binary_remote_addr zone=ratezone:10m rate=3r/s;
> limit_req zone=ratezone burst=5 nodelay;
> But I found that it is not effective. If you take a look at the following
> access_log content, you would notice that the IP addresses are different. I
> don't see more than 3 requests in a sec. Another weird thing is GET requests
> are starting with "http://". I never saw it before. Is there any way I can
> filter requests or possibly throw 503?

How about

location http:// {
  access_log off;
  return 444;

Jonathan Matthews // Oxford, London, UK

More information about the nginx mailing list