How to limit POST request per ip ?

Maxim Dounin mdounin at mdounin.ru
Sat Apr 5 22:07:55 UTC 2014


Hello!

On Sat, Apr 05, 2014 at 07:54:21AM -0400, justcyber wrote:

> How to limit POST request per ip ?
> 
> Need some of:
> 
>   limit_except POST {

Just a side note: "limit_except POST" means the opposite to what 
you ask above.

>     limit_req zone=postlimit burst=10 nodelay;
>   }

It is possible to limit only subset of requests by using 
the fact that limit_req doesn't limit anything if it's 
variable evaluates to an empty string, see 
http://nginx.org/r/limit_req_zone.

That is, instead of

    limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

we need something like

    limit_req_zone $limit zone=one:10m rate=1r/s;

where the $limit variables is empty for non-POST requests (as we 
don't want to limit them), and evaluates to $binary_remote_addr 
for POST requests.  Such a variable can be easily constructed 
using the map module (see http://nginx.org/r/map): 

    map $request_method $limit {
        default         "";
        POST            $binary_remote_addr;
    }

-- 
Maxim Dounin
http://nginx.org/



More information about the nginx mailing list