[PATCH] Added additional parameter "r/h" (requests per hour)
Maxim Dounin
mdounin at mdounin.ru
Wed Dec 27 12:28:40 UTC 2017
Hello!
On Wed, Dec 27, 2017 at 12:45:45PM +0200, aspel at ukr.net wrote:
> # HG changeset patch
> # User aspel <aspel at ukr.net>
> # Date 1514370676 0
> # Wed Dec 27 10:31:16 2017 +0000
> # Node ID a24cb7e952ae4db04e133fa8f3ad7b51703e03d5
> # Parent 32dd4fc94fba998762aaec65652ad8d554052fc8
> Added additional parameter "r/h" (requests per hour)
>
>
> This additional parameter will help protect a server from brute-force
> in which thousands of IP addresses participate.
>
>
> diff -r 32dd4fc94fba -r a24cb7e952ae src/http/modules/ngx_http_limit_req_module.c
> --- a/src/http/modules/ngx_http_limit_req_module.c Tue Dec 26 19:01:12 2017 +0300
> +++ b/src/http/modules/ngx_http_limit_req_module.c Wed Dec 27 10:31:16 2017 +0000
> @@ -801,6 +801,10 @@
> } else if (ngx_strncmp(p, "r/m", 3) == 0) {
> scale = 60;
> len -= 3;
> +
> + } else if (ngx_strncmp(p, "r/h", 3) == 0) {
> + scale = 3600;
> + len -= 3;
> }
>
>
> rate = ngx_atoi(value[i].data + 5, len - 5);
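Review bot: scale = 3600 in the new "r/h" branch is larger than the factor of 1000 applied when the rate is stored (ctx->rate = rate * 1000 / scale; later in this function), so the integer division truncates: rate=1r/h through rate=3r/h are stored as 0, and larger hourly values are rounded down coarsely. Before this unit is accepted, the stored granularity needs to be raised so that hourly rates are representable, or at minimum the parser should reject a rate whose stored value is zero. The patch also adds a user-visible unit and touches only ngx_http_limit_req_module.c, with no matching documentation change.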
This won't work as scale is limited to 1000 by the storage
granularity, see

    ctx->rate = rate * 1000 / scale;

below in the same function. That is, rate=1r/h will actually mean
zero rate.

See also https://trac.nginx.org/nginx/ticket/68.

--
Maxim Dounin
http://mdounin.ru/
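
The truncation described in the reply above, as an added example that is not part of the original message or of nginx: it shows which "r/h" values collapse to zero and how coarsely the rest are quantized. Only the formula `rate * 1000 / scale` comes from the message; the helper names and sample rates are constructed for illustration.

```c
#include <stdio.h>

/* Stored rate, using the formula quoted in the reply:
 * requests per second scaled by 1000, with integer division. */
static long stored_rate(long rate, long scale)
{
    return rate * 1000 / scale;
}

/* Hourly rate actually enforced by a stored value, in tenths of a
 * request per hour: stored / 1000 req/s * 3600 s = stored * 3.6. */
static long effective_per_hour_x10(long stored)
{
    return stored * 36;
}

/* Smallest configured rate that does not truncate to zero. */
static long min_nonzero_rate(long scale)
{
    long rate = 1;

    while (stored_rate(rate, scale) == 0) {
        rate++;
    }
    return rate;
}

int main(void)
{
    /* Constructed sample values for rate=<n>r/h. */
    static const long samples[] = { 1, 3, 4, 7, 8, 100 };
    size_t i;

    printf("min nonzero: r/s=%ld r/m=%ld r/h=%ld\n",
           min_nonzero_rate(1), min_nonzero_rate(60), min_nonzero_rate(3600));

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        long s = stored_rate(samples[i], 3600);
        long e = effective_per_hour_x10(s);

        printf("%3ldr/h -> stored %2ld -> %ld.%ld requests/hour%s\n",
               samples[i], s, e / 10, e % 10, s == 0 ? " (zero rate)" : "");
    }
    return 0;
}
```
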