limit-req and greedy UAs

lists at lazygranch.com lists at lazygranch.com
Sun Sep 11 14:30:38 UTC 2016


I suspect you are referring to the countless variations on the favicon, with Apple being the worst offender since they have many "touch" files. Android has them too. Just make the files. They don't have to be works of art. 

http://iconifier.net/
One of many generators.

Clearly Apple has no respect for the webmaster. But Microsoft has gone one step beyond that, requiring some sort of XML file. 

‎https://msdn.microsoft.com/en-us/library/dn320426(v=vs.85).aspx

The good news is you don't get many requests for that XML. 

There are many schemes to keep these files out of your logs.
https://github.com/h5bp/server-configs/issues/132
I look at my logs with scripts, so I haven't bothered to do this, but it is probably good advice.

Are there other files browsers request?



  Original Message  
From: Grant
Sent: Sunday, September 11, 2016 5:36 AM
To: nginx at nginx.org
Reply To: nginx at nginx.org
Subject: Re: limit-req and greedy UAs

> ‎Since this limit is per IP, is the scenario you stated really a problem? Only that IP is effected. Or as is often the case, did I miss something?


The idea (which I used bad examples to illustrate) is that some
mainstream browsers make a series of requests for files which don't
necessarily exist. Too many of those requests triggers limiting even
though the user didn't do anything wrong.

- Grant


> Has anyone considered the problem of legitimate UAs which request a
> series of files which don't necessarily exist when they access your
> site? Requests for files like robots.txt, sitemap.xml,
> crossdomain.xml, apple-touch-icon.png, etc could quickly cause the UA
> to exceed the limit-req burst value. What is the right way to deal
> with this?
>
> - Grant

_______________________________________________
nginx mailing list
nginx at nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx



More information about the nginx mailing list