Home / server / Questions / 341045
Accepted
QWade
Asked: 2011-12-15 13:53:25 +0800 CST

Trying to limit requests in Nginx per URI

  • 772

I find myself needing to limit the number of requests a particular IP can send for a particular URI (e.g. www.foo.com/somewhere/special) while leaving the rest of the site unregulated.

How would I configure that using the HttpLimitReqModule built into Nginx?

load-balancing web-server nginx

2 Answers

  1. You need to add a 

    location /somewhere/special {
...
}

    where you configure your limits with HttpLimitReqModule or HttpLimitZoneModule modules.

    • 1
  2. Best Answer

    Here's how it is done on one of my sites. First, we use geo module to define a variable that be used to identify limited addresses:

    geo $slow {
    default 0;
    include /etc/nginx/conf.d/slowlist;
}

    The slowlist file is like this:

    192.168.0.0/24  1;
192.168.10.0/24  1;

    and so on (IP addresses are just examples, of course). Then we define speed limits:

    limit_req_zone $binary_remote_addr zone=fast:1m rate=1000r/s;
limit_req_zone $binary_remote_addr zone=slow:10m rate=20r/m;

    Now we have to assign req_zones to every IP address. Inside the necessary location, we check the variable $slow, and if equals 1, we redirect to location @slow (using fictitious error 555):

    recursive_error_pages on;
error_page 555 = @slow;
if ($slow = 1) {
    return 555;
}
limit_req zone=fast burst=10000 nodelay;

    Then normal rules follow, including root, index, fastcgi*, whatever. Limit zone 'fast' will be used here. And, finally, we define location @slow, where limit zone 'slow' will be used:

    location @slow {
    limit_req zone=slow burst=5 nodelay;

    Then normal rules follow, including root, index, fastcgi*, whatever.

    So, usual requests are processed in the normal location, but all others are redirected to the location @slow.

    • 1