Throttle requests with limit_req rate based on header from response to auth subrequest

Francis Daly francis at
Fri Aug 31 11:09:08 UTC 2018

On Thu, Aug 30, 2018 at 08:13:33PM -0400, jarstewa wrote:

Hi there,

For what it's worth:

> 1) The limit_req directive is being processed before the auth subrequest
> 2) Therefore, when the limit_req is present, the mapped variables are empty
> since the header from the auth request is not present.  But when limit_req
> is removed, the mapped variables are evaluated by the access_log, which
> happens after the auth subrequest has been made.
> Can anyone kindly confirm or reject this theory? 

I'm pretty sure that that is what is happening.

In the mail thread you linked to originally, the limit_req part was
being calculated based on something in the request.

You are trying to calculate it based on something not in the request.

I don't have a suggested solution.


Francis Daly        francis at

More information about the nginx mailing list