HTTP status 429 instead of 503 on throttled requests
Kaisersberger, Klaus
Klaus.Kaisersberger at ksb.com
Wed Feb 17 19:37:42 UTC 2021
Hello!
While I am still not sure if it is a good idea to default to not honoring the same RFCs the whole internet is basically built on, your configuration option link will perfectly help us out in our scenario. Thank you!
--Klaus
-----Original Message-----
From: nginx-devel <nginx-devel-bounces at nginx.org> On Behalf Of Maxim Dounin
Sent: Wednesday, February 17, 2021 8:27 PM
To: nginx-devel at nginx.org
Subject: Re: HTTP status 429 instead of 503 on throttled requests
Hello!
On Wed, Feb 17, 2021 at 06:56:36PM +0000, Kaisersberger, Klaus wrote:
> Hi there
>
> nginx responds with 503 for requests discarded due to throttling (https://www.nginx.com/blog/rate-limiting-nginx/).
> This seems to contradict https://tools.ietf.org/rfc/rfc6585.txt, which recommends 429 (Too Many Requests) instead.
>
> Should nginx be adjusted?
There are no such plans, in particular, because it is generally a
bad idea to report to an attacker that the attack was detected and
is being mitigated.
If you think that in your particular case returning 429 is a good
idea, you can adjust your configuration by using the
limit_req_status directive (http://nginx.org/r/limit_req_status).
--
Maxim Dounin
http://mdounin.ru
_______________________________________________
nginx-devel mailing list
nginx-devel at nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
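
The limit_req_status directive discussed in this thread, shown as an added example that is not part of the original messages or of the nginx project's own documentation: one location keeps the default 503 for throttled requests, and a second location reports 429 to cooperating API clients. The zone name, rate, burst, listen port, paths and backend address are assumptions chosen for illustration.

```nginx
# Added example; zone name, rate, burst, port, paths and backend are assumptions.
events {}

http {
    # One shared-memory zone keyed by client address: 10 requests/second per IP.
    limit_req_zone $binary_remote_addr zone=per_ip:10m rate=10r/s;

    server {
        listen 8080;

        # Public endpoints: keep the default. Requests over the limit are
        # rejected with 503, which does not tell the client that it is
        # being rate limited.
        location / {
            limit_req zone=per_ip burst=20 nodelay;
            proxy_pass http://127.0.0.1:9000;
        }

        # API used by cooperating clients that back off on 429
        # (RFC 6585, Too Many Requests).
        location /api/ {
            limit_req zone=per_ip burst=20 nodelay;
            limit_req_status 429;

            # Rejections are logged at "error" by default; lower the level
            # here so routine client throttling does not read as a fault.
            limit_req_log_level warn;

            proxy_pass http://127.0.0.1:9000;
        }
    }
}
```

Running `nginx -t -c` against the file checks the syntax before a reload.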