Throttle requests with limit_req rate based on header from response to auth subrequest

Francis Daly francis at
Thu Aug 30 08:09:16 UTC 2018

On Wed, Aug 29, 2018 at 07:14:01PM -0400, jarstewa wrote:

Hi there,

I do not know the answer, and I have not tested the code you provided.

But, one suggestion which might be quick for you to test:

what happens if you change all of your variable names so that they do
not start with a digit?

As in: rename $2X_key to be (for example) $a2X_key.

It is possible that "$2X_key" will be expanded as "X_key" when $2 has
no value.

> >   # Throttle zones based on the results of the above mapping
> >   limit_req_zone $2X_key zone=2x_zone:20m rate=10r/s;
> >   limit_req_zone $3X_key zone=3x_zone:20m rate=100r/s;
> >   limit_req_zone $2X_key_from_upstream zone=2x_zone_from_upstream:20m
> rate=10r/s;
> >   limit_req_zone $3X_key_from_upstream zone=3x_zone_from_upstream:20m
> rate=100r/s;

If the first limit_req_zone argument is true in each case, the lowest rates is
on the first one, so that is the one that will always take effect.

Francis Daly        francis at

More information about the nginx mailing list