My module is overriding the rate limiting module status for POST requests.

Maxim Dounin mdounin at mdounin.ru
Sun Dec 4 20:19:20 UTC 2022


Hello!

On Sun, Dec 04, 2022 at 08:00:04PM +0000, Jeremy Cocks via nginx wrote:

> > Your observation is wrong.  Rate limiting as implemented in the
> > limit_req module does not distinguish between different request
> > methods and always works after reading the request header
> 
> Sorry, I wasn't clear there. It kicks in for POST requests without my
> module ;)

So, it looks like your module breaks something.

> > does not distinguish between different request methods and always works
> after reading the request headers.
> 
> I am assuming, given the request I am testing, is on a proxy_pass which is
> a content handler,  that has something to do with why rate limiting is not
> working on POST and not GET here?
> If I remove the location block and just have my module and rate limiting
> going without a proxy_pass, it seems to be working fine for all requests.

It's hard to say anything beyond that your module breaks something 
without seeing your module's code and the configuration you are 
trying to use.

A properly implemented auth module, as already suggested, should 
work in the access phase, and wouldn't interfere with any rate 
limits, since rate limiting happens before the auth module ever 
sees a request.

-- 
Maxim Dounin
http://mdounin.ru/



More information about the nginx mailing list