limit-req and greedy UAs

Grant emailgrant at
Sun Sep 11 12:36:24 UTC 2016

> ‎Since this limit is per IP, is the scenario you stated really a problem? Only that IP is effected. Or as is often the case, did I miss something?

The idea (which I used bad examples to illustrate) is that some
mainstream browsers make a series of requests for files which don't
necessarily exist.  Too many of those requests triggers limiting even
though the user didn't do anything wrong.

- Grant

> Has anyone considered the problem of legitimate UAs which request a
> series of files which don't necessarily exist when they access your
> site? Requests for files like robots.txt, sitemap.xml,
> crossdomain.xml, apple-touch-icon.png, etc could quickly cause the UA
> to exceed the limit-req burst value. What is the right way to deal
> with this?
> - Grant

More information about the nginx mailing list