limit_req_zone limit by location/proxy
Justin Deltener
jdeltener at realtruck.com
Wed Nov 13 03:24:57 UTC 2013
For the life of me I can't seem to get my configuration correct to limit
requests. I'm running nginx 1.5.1 and have it serving up static content and
pushing all non-existent requests to the apache2 proxy backend for serving
up. I don't want to limit any requests to static content but do want to
limit requests to the proxy. It seems no matter what I put in my
configuration I continue to see entries in the error log for ip addresses
which are not breaking the rate limit.
2013/11/12 20:55:28 [warn] 10568#0: *1640292 delaying request, excess:
0.412, by zone "proxyzone" client ABCD
I've tried using a map in the top level like so
limit_req_zone $limit_proxy_hits zone=proxyzone:10m rate=4r/s;
map $request_filename $limit_proxy_hits
{
default "";
~/$ $binary_remote_addr; (only limit filename requests ending in
slash as we may have something.php which should not be limited)
}
yet when i look at the logs, ip ABCD has been delayed for a url ending in
slash BUT when i look at all proxy requests for the IP, it is clearly not
going over the limit. It really seems that no matter what, the
limit_req_zone still counts static content against the limit or something
else equally as confusing.
I've also attempted
limit_req_zone $limit_proxy_hits zone=proxyzone:10m rate=4r/s;
and then use $limit_proxy_hits inside the server/location
server
{
set $limit_proxy_hits "";
location /
{
set $limit_proxy_hits $binary_remote_addr;
}
}
and while the syntax doesn't bomb, it seems to exhibit the exact same
behavior as above as well.
ASSERT:
a) When i clearly drop 40 requests from an ip, it clearly lays the smack
down on a ton of requests as it should
b) I do a kill -HUP on the primary nginx process after each test
c) I keep getting warnings on requests from ip's which are clearly not
going over the proxy limit
d) I have read the leaky-bucket algorithm and unless i'm totally missing
something a max of 4r/s should always allow traffic until we start to go
OVER 4r/s which isn't the case.
The documentation doesn't have any real deep insight into how this works
and I could really use a helping hand. Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20131112/f6641a24/attachment.html>
More information about the nginx
mailing list