limit_req_zone limit by location/proxy

Justin Deltener jdeltener at
Wed Nov 13 03:24:57 UTC 2013

For the life of me I can't seem to get my configuration correct to limit
requests. I'm running nginx 1.5.1 and have it serving up static content and
pushing all non-existent requests to the apache2 proxy backend for serving
up. I don't want to limit any requests to static content but do want to
limit requests to the proxy. It seems no matter what I put in my
configuration I continue to see entries in the error log for ip addresses
which are not breaking the rate limit.

2013/11/12 20:55:28 [warn] 10568#0: *1640292 delaying request, excess:
0.412, by zone "proxyzone" client ABCD

I've tried using a map in the top level like so

 limit_req_zone  $limit_proxy_hits  zone=proxyzone:10m   rate=4r/s;

 map $request_filename $limit_proxy_hits
        default "";
       ~/$ $binary_remote_addr; (only limit filename requests ending in
slash as we may have something.php which should not be limited)

yet when i look at the logs, ip ABCD has been delayed for a url ending in
slash BUT when i look at all proxy requests for the IP, it is clearly not
going over the limit. It really seems that no matter what, the
limit_req_zone still counts static content against the limit or something
else equally as confusing.

I've also attempted

limit_req_zone  $limit_proxy_hits  zone=proxyzone:10m   rate=4r/s;

and then use $limit_proxy_hits inside the server/location

    set $limit_proxy_hits "";

    location /
        set $limit_proxy_hits $binary_remote_addr;

and while the syntax doesn't bomb, it seems to exhibit the exact same
behavior as above as well.


a) When i clearly drop 40 requests from an ip, it clearly lays the smack
down on a ton of requests as it should
b) I do a kill -HUP on the primary nginx process after each test
c) I keep getting warnings on requests from ip's which are clearly not
going over the proxy limit
d) I have read the leaky-bucket algorithm and unless i'm totally missing
something a max of 4r/s should always allow traffic until we start to go
OVER 4r/s which isn't the case.

The documentation doesn't have any real deep insight into how this works
and I could really use a helping hand. Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list