exception for NGINX limit_req_zone

Sat Jul 21 20:08:20 UTC 2012

On Sat, Jul 21, 2012 at 10:26:23AM +0800, fhal wrote:

Hi there,

> I tried to use map, but it doesn't work. Below is the settings.

It seems to work for me, in a slightly different test:

>     map $arg_mod $forum_limit {
>         default  $binary_remote_addr;
>         image    '';
>         }
>     limit_conn_zone  $forum_limit  zone=addr:128m;
>     limit_req_zone  $forum_limit  zone=refresh:128m   rate=3r/s;

I use "rate=1r/m", because that makes it very easy to see that things
are being blocked or not. But otherwise, those 6 lines are in nginx.conf.

server {
    location = /file {
        limit_req zone=refresh burst=2 nodelay;
    }
}

Now test:

for i in a b c d; do curl http://127.0.0.1:8000/file?mod=im; sleep 1; done

gives me "file contents" 3 times, and then the 503 Service Temporarily
Unavailable message.

for i in a b c d; do curl http://127.0.0.2:8000/file?mod=im; sleep 1; done

is the same, while

for i in a b c d; do curl http://127.0.0.1:8000/file?mod=image; sleep 1; done

gives me "file contents" 4 times. Repeat the first command, and I get
503 4 times; repeat the last, and I get "file contents" 4 times.

That looks to me like the thing is restricted by ip address to 1 request
per minute, bursting to 2 extra; unless "mod=image" is included, in
which case there is no restriction.

Note that I haven't tested limit_conn here, just limit_req, because that
is easier to build a test case for.

Does that test work or fail for you?

When I repeat the test with a fastcgi_pass configuration, instead of just
loading a file, I see the same results.

All the best,

	f
-- 
Francis Daly        francis at daoine.org