limit_req and IP white listing on 0.8.55

nauger nginx-forum at nginx.us
Tue Apr 30 23:25:22 UTC 2013


Hello!

I've followed this reference:

http://forum.nginx.org/read.php?2,228956,228961#msg-228961

To produce the following config:
http {
        geo $public_vs_our_networks {
                default             1;
                127.0.0.1/32        0;
                ... my networks ...
        }
        map $public_vs_our_networks $limit_public {
                1   $binary_remote_addr;
                0   "";
        }
        limit_req_zone $limit_public zone=public_facing_network:10m rate=40r/m;
        ...
        server {
                ...
                location / {
                        ...
                        limit_req zone=public_facing_network burst=5 nodelay;
                        ...
                        proxy_pass http://my_upstream;
                }                
        }
}

Unfortunately, my error logs quickly filled up with clients who were
incorrectly rate limited.  It was as if this configuration created 1 bucket
for ALL the public facing clients, as opposed to individually bucketing each
public client by their $binary_remote_addr.  Please advise on what I might
be missing.

Thanks for your help!

-Nick

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,238757,238757#msg-238757
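
The symptom described above, as an added example that is not part of the original message and is not nginx source code: a simplified model of limit_req accounting with the posted rate=40r/m and burst=5, comparing a zone keyed by one shared literal string with a zone keyed per client address. It assumes the map result is used as literal text on 0.8.55 (the nginx map documentation lists variables as result values from 0.9.0); all class and function names and the sample traffic are constructed for illustration.

```python
# Added example: simplified model of limit_req accounting, not nginx source.
RATE_PER_SEC = 40 / 60.0  # rate=40r/m from the posted config
BURST = 5                 # burst=5 with nodelay


class LimitReqZone:
    """Leaky bucket per key: one excess counter for each distinct key value."""

    def __init__(self, rate=RATE_PER_SEC, burst=BURST):
        self.rate, self.burst = rate, burst
        self.state = {}  # key -> (excess, last_seen_seconds)

    def allow(self, key, now):
        if key == "":  # empty key: the request is not accounted
            return True
        if key not in self.state:
            self.state[key] = (0.0, now)  # first request seen for this key
            return True
        excess, last = self.state[key]
        excess = max(0.0, excess - self.rate * (now - last) + 1.0)
        if excess > self.burst:
            return False  # rejected; stored state is left unchanged
        self.state[key] = (excess, now)
        return True


def literal_key(addr, public):
    # Assumed 0.8.55 behaviour: map result is plain text, shared by all public clients.
    return "$binary_remote_addr" if public else ""


def per_client_key(addr, public):
    # Map result evaluated as a variable: the key is the client's own address.
    return addr if public else ""


def rejected_clients(key_fn, requests):
    """Return the set of client addresses that had at least one request rejected."""
    zone, rejected = LimitReqZone(), set()
    for now, addr, public in requests:
        if not zone.allow(key_fn(addr, public), now):
            rejected.add(addr)
    return rejected


# Constructed traffic: 20 public clients (documentation address range) sending
# one request each within two seconds, then 20 requests from an allow-listed host.
SAMPLE = [(i * 0.1, "203.0.113.%d" % (i + 1), True) for i in range(20)]
SAMPLE += [(2.0 + i * 0.01, "127.0.0.1", False) for i in range(20)]
```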
