limit_req applied to upstream auth_request requests?
jarstewa
nginx-forum at forum.nginx.org
Tue Jul 17 21:23:44 UTC 2018
Maxim Dounin Wrote:
-------------------------------------------------------
> Hello!
> ...
> Note well that this configuration implies that every request to
> "/out/..." will generate a subrequest to "/auth". As such, you
> can safely move the "limit_req zone=auth ..." limit to "location
> /out/", as results will be (mostly) identical.
The example I've posted is a simplified version of my actual configuration.
In reality I have several locations similar to /out/, each with a separate
throttle rate.
> Note well that auth subrequest is expected to return either 2xx,
> or 401, or 403. Anything else, including 429 you are trying to
> configure in the provided snippet, will be considered an error, and
> nginx will return 500 to the client.
Ok, good point. So I should expect to receive a 500 from the client for a
request whose authentication subrequest was throttled (and thus returned
429). But I don't actually see this happening. The nginx log contains only
throttle events from the content throttle, and the client receives 200s
until the throttling 429s kick in.
So, I think you seem to be suggesting that throttling /auth should not be
necessary, and may in fact be a bad idea. But I would still like to
understand why it isn't working as I would expect.
Thanks again,
Jared
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,280554,280559#msg-280559
More information about the nginx
mailing list