Understanding HttpLimitReqModule
Adrian von Stechow
adrian at stechow.org
Fri Feb 25 13:04:34 MSK 2011
Hi all:
I'm trying to understand the HttpLimitReqModule; the wiki is a bit
unverbose about the terminology.
I'm trying to mimic Apache's mod_evasive module. Specifically, there is
an annoying user that likes to request the same image once every
second for hours at a time. I would like to log this and then use
fail2ban to block the IP for a specific time. The problem is that the
image in question is a legitimate request that shows up on every page
of the site in question. What I had in mind:

    limit_req_zone $binary_remote_addr zone=one:1m rate=50r/m;
    # offending user: 60r/m
    server {
        location = /path/to/image.jpg {
            limit_req zone=one burst=???;
            limit_req_log_level error;
        }
    }

The problem is the low rate with which the offending requests are
made. mod_evasive lets you set up a timespan in which a specific
number of requests are made, while nginx checks "online" if a second
request is made after 1/rate. In my case (1 offending request per
second), legitimate users would be blocked if they load 2 pages in one
second, which of course happens frequently.
Any suggestions?
Thanks,
Adrian
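
Added example, not part of the original post and not nginx code: a simplified Python model of the "leaky bucket" accounting that the limit_req documentation describes, run against the rate=50r/m zone from the message. It models rejection only (not delaying); the function names, the burst values 0 and 5, and both traffic samples are assumptions constructed for illustration.

```python
# Added illustration: simplified leaky-bucket model, not nginx source code.
# Excess is tracked in milli-requests so the arithmetic stays in integers.

def simulate(arrivals_ms, rate_per_min, burst):
    """Return one verdict per arrival: True = rejected, False = passed."""
    drain_per_s = rate_per_min * 1000 // 60   # milli-requests drained per second
    limit = burst * 1000
    excess, last, verdicts = 0, None, []
    for now in arrivals_ms:
        if last is None:
            new_excess = 0                     # first request creates the state
        else:
            drained = drain_per_s * (now - last) // 1000
            new_excess = max(0, excess - drained + 1000)
        if new_excess > limit:
            verdicts.append(True)              # over burst: rejected, state kept
            continue
        excess, last = new_excess, now
        verdicts.append(False)
    return verdicts

def first_rejection(verdicts):
    """0-based index of the first rejected request, or None if all passed."""
    return verdicts.index(True) if True in verdicts else None

# Constructed traffic (times in ms), assumptions for this example only.
OFFENDER = [i * 1000 for i in range(600)]        # 1 request/s for 10 minutes
VISITOR = [0, 300, 20000, 20400, 45000, 45200]   # two loads inside 1 s, then idle

if __name__ == "__main__":
    for burst in (0, 5):
        off = simulate(OFFENDER, 50, burst)
        vis = simulate(VISITOR, 50, burst)
        print(f"burst={burst}: offender first rejected at index "
              f"{first_rejection(off)}, {sum(off)} rejected in total; "
              f"visitor rejected {sum(vis)} time(s)")
```

In this model a steady 60r/m client gains about 167 milli-requests of excess per request against the 50r/m drain, so the first rejection arrives after roughly six seconds per unit of burst, while short clusters from a normal visitor drain away between page loads.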