limit_req and IP white listing on 0.8.55
Maxim Dounin
mdounin at mdounin.ru
Wed May 1 00:12:17 UTC 2013
Hello!
On Tue, Apr 30, 2013 at 07:25:22PM -0400, nauger wrote:
> Hello!
>
> I've followed this reference:
>
> http://forum.nginx.org/read.php?2,228956,228961#msg-228961
>
> To produce the following config:
> http {
> geo $public_vs_our_networks {
> default 1;
> 127.0.0.1/32 0;
> ... my networks ...
> }
> map $public_vs_our_networks $limit_public {
> 1 $binary_remote_addr;
> 0 "";
> }
> limit_req_zone $limit_public zone=public_facing_network:10m
> rate=40r/m;
> ...
> server {
> ...
> location / {
> ...
> limit_req zone=public_facing_network burst=5
> nodelay;
> ...
> proxy_pass http://my_upstream;
> }
> }
> }
>
> Unfortunately-- my error logs quickly filled up with clients who were
> incorrectly rate limited. It was as if this configuration created 1 bucket
> for ALL the public facing clients, as opposed to individually bucketing each
> public client by their $binary_remote_addr. Please advise on what I might
> be missing.
Variables can be used as a result of a map only in nginx 0.9.0+,
see http://nginx.org/r/map. You have to upgrade for the above to
work.
--
Maxim Dounin
http://nginx.org/en/donation.html
More information about the nginx
mailing list