Hello!
I’ve followed this reference:
To produce the following config:
http {
geo $public_vs_our_networks {
default 1;
127.0.0.1/32 0;
… my networks …
}
map $public_vs_our_networks $limit_public {
1 $binary_remote_addr;
0 “”;
}
limit_req_zone $limit_public zone=public_facing_network:10m
rate=40r/m;
…
server {
…
location / {
…
limit_req zone=public_facing_network burst=5
nodelay;
…
proxy_pass http://my_upstream;
}
}
}
Unfortunately-- my error logs quickly filled up with clients who were
incorrectly rate limited. It was as if this configuration created 1
bucket
for ALL the public facing clients, as opposed to individually bucketing
each
public client by their $binary_remote_addr. Please advise on what I
might
be missing.
Thanks for your help!
-Nick
Posted at Nginx Forum:
Hello!
On Tue, Apr 30, 2013 at 07:25:22PM -0400, nauger wrote:
127.0.0.1/32 0;
...
Unfortunately-- my error logs quickly filled up with clients who were
incorrectly rate limited. It was as if this configuration created 1 bucket
for ALL the public facing clients, as opposed to individually bucketing each
public client by their $binary_remote_addr. Please advise on what I might
be missing.
Variables can be used as a result of a map only in nginx 0.9.0+,
see Module ngx_http_map_module. You have to upgrade for the above to
work.
–
Maxim D.
http://nginx.org/en/donation.html
Hi Maxim,
Thank you-- that makes sense. Before upgrading, is it possible to
implement
this white list behavior using a different mechanism?
Thanks again,
-Nick
Posted at Nginx Forum:
Hello!
On Wed, May 01, 2013 at 12:04:12AM -0400, nauger wrote:
Hi Maxim,
Thank you-- that makes sense. Before upgrading, is it possible to implement
this white list behavior using a different mechanism?
You may try to use if + set at server level instead of map.
–
Maxim D.
http://nginx.org/en/donation.html