Forum: NGINX Limit request + whitelist = not using response code from backend? 0.8.54

Posted by DreamWerx (Guest)
on 2013-02-19 14:06
(Received via mailing list)
Hi all,

I'm hoping someone can help me with a small issue.  I'm trying to
implement rate limiting with a whitelist, and all in all it seems to
be working, but
the wrong response code is being sent back to the browser.

For example, if the Apache backend sends a 302 redirect response, nginx
still sends a 200 back?  If I remove the mapping to code 200, it then
sends a 418 back.
Is there an easy fix for this?

Here is my config.  Thanks for any help.

---------

http {
  recursive_error_pages on;
  proxy_buffering off;

  geo $limited {
    default         1;
    10.0.0.0/8      0;
    xxx.xxx.xxx.xx  0;
  }

  limit_req_zone $binary_remote_addr zone=protect1:10m rate=5r/s;
}


location / {
  error_page 418 =200 @limitclient;
  #error_page 418 @limitclient;
  if ($limited) {
    return 418;
  }

  proxy_read_timeout 300;
  default_type text/html;
  charset utf-8;
  proxy_set_header Host $http_host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_redirect off;
  proxy_pass        http://backend;
}

location @limitclient {
  error_page 503 @flooder;
  limit_req zone=protect1 burst=5 nodelay;

  proxy_read_timeout 300;
  default_type text/html;
  charset utf-8;
  proxy_set_header Host $http_host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_redirect off;
  proxy_pass        http://backend;
}

location @flooder {
  rewrite ^(.*)$   /flooder.html break;
}
Posted by Maxim Dounin (Guest)
on 2013-02-19 14:18
(Received via mailing list)
Hello!

On Tue, Feb 19, 2013 at 02:05:46PM +0100, DreamWerx wrote:

> Is there an easy fix for this?
Yes,

-   error_page 418 =200 @limitclient;
+   error_page 418 =    @limitclient;

See http://nginx.org/r/error_page.

Alternatively, you may want to use something like

    geo $limited { ... }

    map $limited $address {
        1        $binary_remote_addr;
        0        "";
    }

    limit_req_zone $address zone=...;

to implement a whitelist (i.e., make sure the variable used in
limit_req_zone is empty if you don't want the limit).

--
Maxim Dounin
http://nginx.com/support.html
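
The geo/map whitelist described in the reply above, written out as a full configuration. This is an added example, not part of the thread and not either poster's config. The backend address, the whitelisted address 192.0.2.10, the document root and the variable name $limit_key are assumptions, and it assumes an nginx version that accepts a variable as a map value (0.9.0 or later per the map documentation, so newer than the 0.8.54 in the thread title).

```nginx
events {}

http {
    upstream backend {
        server 127.0.0.1:8080;          # assumed backend address
    }

    # 1 = subject to the limit, 0 = whitelisted
    geo $limited {
        default        1;
        10.0.0.0/8     0;
        192.0.2.10     0;               # constructed example address
    }

    # Whitelisted clients map to an empty key. limit_req does not
    # account requests whose key is empty, so they are never limited.
    map $limited $limit_key {
        1    $binary_remote_addr;
        0    "";
    }

    limit_req_zone $limit_key zone=protect1:10m rate=5r/s;

    server {
        listen 80;

        location / {
            # One location serves both groups, so no "return 418" and
            # error_page redirection is needed and the backend's own
            # status (for example a 302) reaches the client unchanged.
            limit_req zone=protect1 burst=5 nodelay;

            # Applies to the 503 that limit_req itself generates; a 503
            # from the backend passes through as-is because
            # proxy_intercept_errors is off by default.
            error_page 503 /flooder.html;

            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://backend;
        }

        location = /flooder.html {
            internal;                   # reachable only via error_page
            root /var/www/html;         # assumed path to the static page
        }
    }
}
```
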
Posted by unknown (Guest)
on 2013-02-19 14:35
(Received via mailing list)
Worked perfect!  Thanks again.