[nginx] Using User-Agent & IP address to rate limit

B.R. reallfqq-nginx at yahoo.fr
Mon Jul 28 16:16:27 UTC 2014


On Mon, Jul 28, 2014 at 5:35 PM, lorenanicole <nginx-forum at nginx.us> wrote:

> The concern here is if there is a way to redirect the rewritten uri without
> having to break out and start processing the request again (argument last)?
> Additionally, is the setting of zone's using the IP address as the key the
> proper way to control these different rate limiting and burst thresholds?
>

I am no expert, but in my own eyes, I would have avoided using:
1°) A series of 'if' which behavior might be clumsy
2°) Redirections which kind of 'cut the flow'

What I would have done:
1°) Defining all the log_format stuff at the http level: the sooner, the
better

2°) Replacing the if series with a map (also in http) like the following:
map $http_user_agent $language {
    Java/* java
...
    "" etc
    default none
}

3°) Using the output of the first map as the input of two others to define
zone and burst amount, like:
map $language $zone {
    java one
}

map $language $burst {
    java 140
}

4°) Processing all the requests in the default location :
location / {
    root html;
    index index.html;

    if($language != none) {
        limit_req zone=$zone burst=$burst;

        access_log /var/log/nginx/access.log $language;
        proxy_pass https://example.com;
    }

...
}

All that is not error-proof, coming straight outta my mind with no
testing... but you get the general idea.
---
*B. R.*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20140728/3d7f03e7/attachment.html>


More information about the nginx mailing list