limit_req with IP whitelisting
Maxim Dounin
mdounin at mdounin.ru
Wed Jul 6 21:27:07 MSD 2011
Hello!
On Wed, Jul 06, 2011 at 12:27:57PM -0400, LeMaitre wrote:
> Hi folks,
>
> 1)
> I want to use limit_req with whitelisting some subnet, I have seen this
> post: http://forum.nginx.org/read.php?21,200815,200815#msg-200815 and
> done some tests but it's not working.
And not expected to: it's only a design idea. It wasn't (yet?)
implemented.
> I have added to server context:
>
> geo $rate {
> default 5; # 5r/s
> 10.0.0.0/24 -;
> 192.168.0.0/24 -;
> 10.1.0.0 -;
> }
>
> limit_req_zone $binary_remote_addr zone=ratezone:10m rate=$rate;
> limit_req zone=ratezone burst=10 nodelay;
>
> And I receive this error: nginx: [emerg] invalid rate "rate=$rate"
>
> Any idea how to fix this issue?
Right now you may try something like this:

    geo $nolimit {
        default 0;
        10.0.0.0/24 1;
        192.168.0.0/24 1;
    }

    limit_req_zone $binary_remote_addr zone=ratezone:10m rate=5r/s;

    server {
        ...

        location / {
            error_page 418 = @nolimit;

            if ($nolimit) {
                return 418;
            }

            limit_req zone=ratezone burst=10 nodelay;

            # ...
        }

        location @nolimit {
            # ... no limit_req here
        }
    }

This will process requests in "location /" by default with
limit_req set, though users with IP addresses you specify will go
to "location @nolimit" where there is no limit_req.
> 2) Is it possible to use limit_req for a single domain "$host"?
Just define it in an appropriate server{} block.
Maxim Dounin
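
An alternative to the error_page / named-location workaround in the reply above, as an added example that is not part of the original post and is not the author's configuration. It relies on nginx not accounting requests whose limit_req_zone key is empty, which is documented for current nginx; that it behaves the same on the 2011 release discussed in this thread is an assumption. The variable names $limited and $limit_key, the listen port and the server_name are constructed for illustration.

```nginx
# Added example (not from the thread). Loadable as a complete file with: nginx -t -c <path>
events {}

http {
    # 1 = client is rate limited, 0 = client is exempt.
    # geo matches on $remote_addr (the connecting peer) by default, so behind
    # a reverse proxy every request would match the proxy's address.
    geo $limited {
        default         1;
        10.0.0.0/24     0;
        192.168.0.0/24  0;
    }

    # Exempt clients map to an empty key. Requests with an empty zone key are
    # not accounted, so limit_req never delays or rejects them.
    map $limited $limit_key {
        0 "";
        1 $binary_remote_addr;
    }

    # The rate stays a literal: rate= does not accept variables, which is the
    # "[emerg] invalid rate" error quoted in the question.
    limit_req_zone $limit_key zone=ratezone:10m rate=5r/s;

    server {
        listen 8080;                 # constructed value
        server_name example.test;    # constructed value

        location / {
            limit_req zone=ratezone burst=10 nodelay;
            return 200 "ok\n";
        }
    }
}
```

Because the exemption is decided in the zone key, a single location serves both whitelisted and limited clients, and the "if" / error_page 418 redirection is not needed.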