limit_conn_zone using $http_ variable not working?

Alan Jackson alan.jackson at
Thu May 5 23:54:56 UTC 2022


I'm trying to use rate limiting on an nginx mail proxy->nginx fastcgi backend to restrict the number of concurrent connections from a client's IP. Unfortunately, I can't use proxy_protocol on the mail proxy side due to the nginx version not supporting it. 

Using debug logging, I know that the nginx mail proxy is passing through an http header 'Client-IP' which contains the originating client IP.

I've confirmed that in the http backend, the variable $http_client_ip contains the originating request's client ip ($binary_remote_addr just contains due to the proxy), and that setting a return http header using this variable works just fine.

However, when I try to use limit_conn_zone with the $http_client_ip variable, it is not behaving as I expect:

"limit_conn_zone $http_client_ip zone=perip:10m;" 

Results in log lines like:

"limiting connections, dry run, by zone "perip", client:, server: _, request: "GET /mail_auth.php HTTP/1.0" 

which doesn't look like the variable is being instantiated properly (client is still

Is using an $http_ variable expected to work in a limit_conn_zone config like this?

Alan Jackson   | Systems Administrator
NetValue Limited

More information about the nginx mailing list