I would like to limit some nginx location and avoid two parallel FastCGI threads for the same POST data ($request_body).
I've added a limit connection zone and configured connection limit on a location:
log_format postdata '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" "$request_body" /$upstream_cache_status/';
limit_conn_zone $request_body zone=tco_body:10m;
server {
.....
access_log /var/log/nginx/www.example.com_access.log postdata;
location ~ ^/billing/modules/gateways/callback/tco.php$ {
client_body_buffer_size 16m;
limit_conn tco_body 1;
limit_conn_log_level info;
limit_conn_status 429;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
client_max_body_size 64M;
fastcgi_pass 127.0.0.1:9901;
}
but unfortunately nginx still can accept and send to php-fpm backend two requests with the same POST data at the same moment.
Nginx logs $request_body correctly when limit_conn is disabled. But I have noticed another weird behavior - access log doesn't contain $request_body when limit_conn is enabled on this location and there's only "-".
xx.xx.xx.xx - - [22/Dec/2020:07:10:45 -0800] "POST /billing/modules/gateways/callback/tco.php HTTP/2.0" 200 315 "-" "Guzzle/6.2.1" "-" /-/
I tried to apply this limit on nginx/1.14.2 (from Debian apt repository) and nginx/1.19.6 (from the official nginx repository). Debian 10.
Does anyone have a suggestion on what do I miss on this setup to make it work as expected?
0 Answers