My module is overriding the rate limiting module status for POST requests.
mdounin at mdounin.ru
Sun Dec 4 20:19:20 UTC 2022
On Sun, Dec 04, 2022 at 08:00:04PM +0000, Jeremy Cocks via nginx wrote:
> > Your observation is wrong. Rate limiting as implemented in the
> > limit_req module does not distinguish between different request
> > methods and always works after reading the request header
> Sorry, I wasn't clear there. It kicks in for POST requests without my
> module ;)
So, it looks like your module breaks something.
> > does not distinguish between different request methods and always works
> after reading the request headers.
> I am assuming, given the request I am testing, is on a proxy_pass which is
> a content handler, that has something to do with why rate limiting is not
> working on POST and not GET here?
> If I remove the location block and just have my module and rate limiting
> going without a proxy_pass, it seems to be working fine for all requests.
It's hard to say anything beyond that your module breaks something
without seeing your module's code and the configuration you are
trying to use.
A properly implemented auth module, as already suggested, should
work in the access phase, and wouldn't interfere with any rate
limits, since rate limiting happens before the auth module ever
sees a request.
More information about the nginx