rate limit with good bot IPs whitelisted

Oleksandr V. Typlyns'kyi wangsamp at gmail.com
Sat Nov 22 19:58:45 UTC 2014


Today Nov 22, 2014 at 09:42 neubyr wrote:

> >  It will not work as you expect.
> >  Geo does not support variables in values.
> >  You need something like this:
> >  geo $whitelist {
> >      default 0;
> >      127.0.0.1 1;
> >      ...
> >  }
> >  map $whitelist $rate_limit_ip {
> >      default $binary_remote_addr;
> >      1       "";
> >  }
> >
> >
> I am not sure how, but it's working only with geo defining IP addresses. I
> can see HTTP 503 on client side and also 'limiting requests, excess: 10.033
> by zone' in error logs. Nginx version: nginx/1.6.0
> 
>     geo $rate_limit_ip {
>         default $binary_remote_addr;
>         127.0.0.1 1;
>         10.0.0.0/8 1;
>     }

  You define key "$binary_remote_addr"(string, not variable) and clients 
  share one limit for all.

> I was wondering if remote ip's hostname lookup can be done before
> rate-limiting it. For example, I don't want to block IPs coming from
> baidu.com. Can I do such IP-hostname lookup before rate-limiting? Will it
> efficient or what are other options?

  Nginx does not lookup remote hostnames at all.

-- 
WNGS-RIPE



More information about the nginx mailing list