limit requests and CORS Policy

Francis Daly francis at
Sat Dec 26 19:10:19 UTC 2020

On Fri, Dec 18, 2020 at 06:54:57PM +0500, Ali Mohsin wrote:

Hi there,

> I have achieved this with the following code
> limit_req_zone $binary_remote_addr$v1 zone=mylimit:10m rate=3r/s;
> location ~ "^/api/(?<v1>)$" {
> limit_req zone=mylimit;
> but i'm unable to set my CORS in headers and my APIs are inaccessible.

Where are you trying to set your CORS in headers? In this location{}
block, or in a different one? Or in a server{} block?

What request are you making that is handled in this location{} block?

I'd expect something like a ".*" in the regex to have it match everything
that starts with /api/.


Francis Daly        francis at

More information about the nginx mailing list