limit-req and greedy UAs
emailgrant at gmail.com
Sun Sep 11 12:36:24 UTC 2016
> Since this limit is per IP, is the scenario you stated really a problem? Only that IP is effected. Or as is often the case, did I miss something?
The idea (which I used bad examples to illustrate) is that some
mainstream browsers make a series of requests for files which don't
necessarily exist. Too many of those requests triggers limiting even
though the user didn't do anything wrong.
> Has anyone considered the problem of legitimate UAs which request a
> series of files which don't necessarily exist when they access your
> site? Requests for files like robots.txt, sitemap.xml,
> crossdomain.xml, apple-touch-icon.png, etc could quickly cause the UA
> to exceed the limit-req burst value. What is the right way to deal
> with this?
> - Grant
More information about the nginx