How to limit POST request per ip?

How to limit POST request per ip ?

Need some of:

limit_except POST {
limit_req zone=postlimit burst=10 nodelay;
}

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,249032,249032#msg-249032

Hello!

On Sat, Apr 05, 2014 at 07:54:21AM -0400, justcyber wrote:

How to limit POST request per ip ?

Need some of:

limit_except POST {

Just a side note: “limit_except POST” means the opposite to what
you ask above.

limit_req zone=postlimit burst=10 nodelay;

}

It is possible to limit only subset of requests by using
the fact that limit_req doesn’t limit anything if it’s
variable evaluates to an empty string, see
http://nginx.org/r/limit_req_zone.

That is, instead of

limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

we need something like

limit_req_zone $limit zone=one:10m rate=1r/s;

where the $limit variables is empty for non-POST requests (as we
don’t want to limit them), and evaluates to $binary_remote_addr
for POST requests. Such a variable can be easily constructed
using the map module (see http://nginx.org/r/map):

map $request_method $limit {
    default         "";
    POST            $binary_remote_addr;
}


Maxim D.
http://nginx.org/

Hello!

On Tue, May 06, 2014 at 03:16:09PM -0700, Jeroen O. wrote:

A follow-up question: are requests that hit the cache counted in the
limit_req_zone? I would like to enforce a limit on the POST requests
that actually hit the back-end; I don’t mind additional requests that
hit the cache.

Limits are checked (and counted) before a request is passed to a
content handler, hence all requests are counted, both cached and
not. If you want to limit only requests which aren’t cached, you
may do so, e.g., by adding an additional proxy layer with
limit_req.


Maxim D.
http://nginx.org/

On Sat, Apr 5, 2014 at 3:07 PM, Maxim D. remo[email protected] wrote:

we need something like

limit_req_zone $limit zone=one:10m rate=1r/s;

where the $limit variables is empty for non-POST requests (as we
don’t want to limit them), and evaluates to $binary_remote_addr
for POST requests.

A follow-up question: are requests that hit the cache counted in the
limit_req_zone? I would like to enforce a limit on the POST requests
that actually hit the back-end; I don’t mind additional requests that
hit the cache.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs