Exclude ip's from Nginx limit_req zone
Francis Daly
francis at daoine.org
Sun Dec 21 14:39:54 UTC 2014
On Sat, Dec 20, 2014 at 06:18:03PM -0500, ASTRAPI wrote:
Hi there,
> limit_conn_zone $binary_remote_addr zone=alpha:8m;
> limit_req_zone $binary_remote_addr zone=delta:8m rate=40r/s;
> limit_conn alpha 5;
> limit_req zone=delta burst=80 nodelay;
> Now i want to exclude Cloudflare ip's from this connection limits.
Instead of using $binary_remote_addr, use a $new_variable which is empty
for Cloudflare IPs and equal to $binary_remote_addr for other IPs.
Ideally, something like
geo $new_variable {
default $binary_remote_addr;
# things that match cloudflare
10.0.0.0/8 "";
}
except that "geo" does not expand $variables.
So instead, use "geo" to set a flag, and then use "map" to set the value
you want:
geo $use_new_variable {
default 1;
# things that match cloudflare
10.0.0.0/8 0;
}
map $use_new_variable $new_variable {
default $binary_remote_addr;
0 "";
}
(Other possibilities exist.)
f
--
Francis Daly francis at daoine.org
More information about the nginx
mailing list