limit_req applied to upstream auth_request requests?

jarstewa nginx-forum at
Tue Jul 17 17:08:13 UTC 2018

Hi,  I currently have an nginx configuration that uses the limit_req
directive to throttle upstream content requests. Now I'm trying to add
similar rate limiting for auth requests, but I haven't been able to get the
auth throttle to kick in during testing (whereas the content throttle works
as expected).  Is there some known limitation of using limit_req against
auth_request requests, or do I simply have a problem in my configuration? 
Thank you.

http {

 map $request_uri $guid {
     default "unknown";
     ~^/out/(?P<id>.+?)/.+$ $id;

  map $http_x_forwarded_for $last_client_ip {
     default $http_x_forwarded_for;
     ~,\s*(?P<last_ip>[\.\d]+?)\s*$ $last_ip;

  limit_req_zone $guid zone=content:20m rate=500r/s;
  limit_req_zone $guid zone=auth:20m rate=100r/s;

  server {

    location /out/ {
      auth_request       /auth;

      proxy_pass         $upstream_server;
      proxy_cache        content_cache;
      set $cache_key "${request_path}";
      proxy_cache_key    $cache_key;
      proxy_cache_valid  200 301 302  10s;

      #Throttling works here <---
      limit_req zone=content burst=50 nodelay;
      limit_req_status 429;

    location /auth {

      proxy_pass_request_body off;
      proxy_pass  $upstream_server/auth?id=$guid&requestor=$last_client_ip;

      proxy_cache        auth_cache;
      set $auth_cache_key "${guid}|${last_client_ip}";
      proxy_cache_key    $auth_cache_key;
      proxy_cache_valid  200 301 302  5m;
      proxy_cache_valid  401 403 404  5m;

      #Throttling seems not to work here <---
      limit_req zone=auth burst=50 nodelay;
      limit_req_status 429;

Posted at Nginx Forum:,280554,280554#msg-280554

More information about the nginx mailing list