How to limit POST request per ip ?

Maxim Dounin mdounin at
Fri May 9 04:23:18 UTC 2014


On Tue, May 06, 2014 at 03:16:09PM -0700, Jeroen Ooms wrote:

> On Sat, Apr 5, 2014 at 3:07 PM, Maxim Dounin <mdounin at> wrote:
> >
> > we need something like
> >
> >     limit_req_zone $limit zone=one:10m rate=1r/s;
> >
> > where the $limit variables is empty for non-POST requests (as we
> > don't want to limit them), and evaluates to $binary_remote_addr
> > for POST requests.
> A follow-up question: are requests that hit the cache counted in the
> limit_req_zone? I would like to enforce a limit on the POST requests
> that actually hit the back-end; I don't mind additional requests that
> hit the cache.

Limits are checked (and counted) before a request is passed to a 
content handler, hence all requests are counted, both cached and 
not.  If you want to limit only requests which aren't cached, you 
may do so, e.g., by adding an additional proxy layer with 

Maxim Dounin

More information about the nginx mailing list