Exclude ip's from Nginx limit_req zone

Francis Daly francis at daoine.org
Sun Dec 21 14:39:54 UTC 2014


On Sat, Dec 20, 2014 at 06:18:03PM -0500, ASTRAPI wrote:

Hi there,

> limit_conn_zone $binary_remote_addr zone=alpha:8m;
> limit_req_zone $binary_remote_addr zone=delta:8m rate=40r/s;

> limit_conn alpha 5;
> limit_req zone=delta burst=80 nodelay;

> Now i want to exclude Cloudflare ip's from this connection limits.

Instead of using $binary_remote_addr, use a $new_variable which is empty
for Cloudflare IPs and equal to $binary_remote_addr for other IPs.

Ideally, something like

  geo $new_variable {
    default $binary_remote_addr;
    # things that match cloudflare
    10.0.0.0/8 "";
  }

except that "geo" does not expand $variables.

So instead, use "geo" to set a flag, and then use "map" to set the value
you want:

  geo $use_new_variable {
    default 1;
    # things that match cloudflare
    10.0.0.0/8 0;
  }

  map $use_new_variable $new_variable {
    default $binary_remote_addr;
    0 "";
  }

(Other possibilities exist.)

	f
-- 
Francis Daly        francis at daoine.org



More information about the nginx mailing list