Exclude ip's from Nginx limit_req zone

Maxim Dounin mdounin at mdounin.ru
Thu Dec 25 13:12:51 UTC 2014


Hello!

On Wed, Dec 24, 2014 at 02:36:50PM -0500, ASTRAPI wrote:

> Thanks for your reply Maxim Dounin
> 
> So something like this ? :
> 
> Main nginx conf:
> 
> http {
> 
>     geo $limited {
>         default           1;
>         192.168.45.56/32  0;
>         199.27.128.0/21  0;
>         173.245.48.0/20  0;
>         103.21.244.0/22  0;
>         103.22.200.0/22  0;
>         103.31.4.0/22  0;
>         141.101.64.0/18  0;
>         108.162.192.0/18  0;
>         190.93.240.0/20  0;
>         188.114.96.0/20  0;
>         197.234.240.0/22  0;
>         198.41.128.0/17  0;
>         162.158.0.0/15  0;
>         104.16.0.0/12  0;
>     }
> 
>     map $limited $limit {
>         1        $binary_remote_addr;
>         0        "";
>     }
> 
> 
> And this on the domain config? :
> 
> server {
> 
>     limit_req_zone $limit zone=foo:1m rate=10r/m;
>     limit_req zone=foo burst=5;

The limit_req_zone can be used only at http{} level, so you'll 
have to move it to http{} block, see here for docs:

http://nginx.org/r/limit_req_zone

The limit_req directive can be used at http, server, or location 
level.  It's up to your specific setup requirements where to use 
it.  In many cases it's good idea to protect only expensive 
resources like proxying to backends.

-- 
Maxim Dounin
http://nginx.org/



More information about the nginx mailing list