whitelist 'notabot' not working in limit_conn
Maxim Dounin
mdounin at mdounin.ru
Mon Aug 4 15:06:06 UTC 2014
Hello!
On Sun, Aug 03, 2014 at 01:28:45PM -0600, Alex Flex wrote:
> Iam trying to whitelist some IPs in the geo #connlimit1 so that the
> limit_conn doesnt apply to it. For some reason its not working... those ips
> are always being limited. I must be doing something obviously wrong guidance
> appreciated.
>
>
> Alex
>
>
> server {
>
> geo $connlimit1 {
> default 1;
> #whitelist client
> 21.199.62.74/32 0;
> 5.97.162.77/32 0;
> }
> limit_conn_zone $binary_remote_addr zone=connlimit1:10m;
> }
>
> http {
> location / { limit_conn connlimit1 8; ....; }
> }
There are no whitelisting in your configuration. The
limit_conn_zone directive uses the $binary_remote_addr variable,
which is always set. To whitelist some ips, you have to use a
variable which is empty for whitelisted addresses (empty values
are not accounted, see http://nginx.org/r/limit_conn_zone).
Example:
geo $whitelist {
default 0;
127.0.0.1 1;
}
map $whitelist $limit {
0 $binary_remote_address;
1 "";
}
limit_conn_zone $limit zone=connlimit:10m;
limit_conn connlimit 8;
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list