<div dir="ltr">For the life of me I can't seem to get my configuration correct to limit requests. I'm running nginx 1.5.1 and have it serving up static content and pushing all non-existent requests to the apache2 proxy backend for serving up. I don't want to limit any requests to static content but do want to limit requests to the proxy. It seems no matter what I put in my configuration I continue to see entries in the error log for ip addresses which are not breaking the rate limit.<div>
<br></div><div>2013/11/12 20:55:28 [warn] 10568#0: *1640292 delaying request, excess: 0.412, by zone "proxyzone" client ABCD</div><div><br></div><div>I've tried using a map in the top level like so</div><div>
<br></div><div><div> limit_req_zone $limit_proxy_hits zone=proxyzone:10m rate=4r/s;</div><div><br></div><div><div> map $request_filename $limit_proxy_hits</div><div> {</div><div> default "";</div><div>
~/$ $binary_remote_addr; (only limit filename requests ending in slash as we may have something.php which should not be limited)</div><div> }</div></div><div><br></div><div>yet when i look at the logs, ip ABCD has been delayed for a url ending in slash BUT when i look at all proxy requests for the IP, it is clearly not going over the limit. It really seems that no matter what, the limit_req_zone still counts static content against the limit or something else equally as confusing.</div>
<div><br></div><div>I've also attempted</div><div><br></div><div>limit_req_zone $limit_proxy_hits zone=proxyzone:10m rate=4r/s;<br></div><div><br></div><div>and then use $limit_proxy_hits inside the server/location</div>
<div><div><br></div><div>server</div><div>{</div><div> set $limit_proxy_hits "";</div><div><br></div><div> location / </div><div> {</div><div> set $limit_proxy_hits $binary_remote_addr;</div><div>
}</div><div>}</div><div><br></div><div>and while the syntax doesn't bomb, it seems to exhibit the exact same behavior as above as well.</div><div><br></div><div>ASSERT:</div><div><br></div><div>a) When i clearly drop 40 requests from an ip, it clearly lays the smack down on a ton of requests as it should</div>
<div>b) I do a kill -HUP on the primary nginx process after each test</div><div>c) I keep getting warnings on requests from ip's which are clearly not going over the proxy limit</div><div>d) I have read the leaky-bucket algorithm and unless i'm totally missing something a max of 4r/s should always allow traffic until we start to go OVER 4r/s which isn't the case.</div>
<div><br></div><div>The documentation doesn't have any real deep insight into how this works and I could really use a helping hand. Thanks!</div><div><br></div><div><br></div>
</div></div></div>