Limit request + whitelist = not using response code from backend? 0.8.54

Hi all,

I’m hoping someone can help me with a small issue. I’m trying to
implement rate limiting with a whitelist, and all in all it seems to
be working, but the wrong response code is being sent back to the
browser.

For example if the apache backend sends a 302 redirect response, nginx
still sends a 200 back? If I remove the mapping to code 200, it then
sends a 418 back.
Is there an easy fix for this?

Here is my config. Thanks for any help.


http {
    recursive_error_pages on;
    proxy_buffering off;

    geo $limited {
        default 1;
        10.0.0.0/8 0;
        xxx.xxx.xxx.xx 0;
    }

    limit_req_zone $binary_remote_addr zone=protect1:10m rate=5r/s;
}

location / {
    error_page 418 =200 @limitclient;
    #error_page 418 @limitclient;
    if ($limited) {
        return 418;
    }

    proxy_read_timeout 300;
    default_type text/html;
    charset utf-8;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_redirect off;
    proxy_pass http://backend;
}

location @limitclient {
    error_page 503 @flooder;
    limit_req zone=protect1 burst=5 nodelay;

    proxy_read_timeout 300;
    default_type text/html;
    charset utf-8;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_redirect off;
    proxy_pass http://backend;
}

location @flooder {
    rewrite ^(.*)$ /flooder.html break;
}

Hello!

On Tue, Feb 19, 2013 at 02:05:46PM +0100, DreamWerx wrote:

> Is there an easy fix for this?

Yes,

-        error_page 418 =200 @limitclient;
+        error_page 418 = @limitclient;

See Module ngx_http_core_module.

Alternatively, you may want to use something like

geo $limited { ... }

map $limited $address {
    1        $binary_remote_addr;
    0        "";
}

limit_req_zone $address zone=...;

to implement a whitelist (i.e., make sure the variable used in
limit_req_zone is empty if you don’t want the limit).


Maxim D.

Worked perfect! Thanks again.
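
The geo/map whitelist suggested in the reply, written out as a full configuration. This is an added example, not a config posted in the thread: the networks, zone name, rate, headers and `@flooder` location come from the original post, while the `server` block, the listen port and the backend address are assumptions.

```nginx
# Added example: whitelist by giving limit_req_zone an empty key.
http {
    # 0 = whitelisted, 1 = rate limited (values from the original post)
    geo $limited {
        default     1;
        10.0.0.0/8  0;
    }

    # Requests with an empty key are not accounted in the zone,
    # so whitelisted clients are never limited.
    map $limited $address {
        1  $binary_remote_addr;
        0  "";
    }

    limit_req_zone $address zone=protect1:10m rate=5r/s;

    upstream backend {
        server 127.0.0.1:8080;      # assumed backend address
    }

    server {
        listen 80;                  # assumed

        location / {
            # No error_page 418 redirect is needed, so the backend's own
            # status (for example a 302) reaches the client unchanged.
            limit_req zone=protect1 burst=5 nodelay;
            error_page 503 @flooder;   # limit_req rejects with 503

            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_redirect off;
            proxy_pass http://backend;
        }

        location @flooder {
            rewrite ^(.*)$ /flooder.html break;
        }
    }
}
```

The nginx map module documentation lists a variable as a map result value as available from 0.9.0, so this form needs a newer nginx than the 0.8.54 named in the subject line. A 503 returned by the backend itself is not sent to `@flooder` here, because `proxy_intercept_errors` is off by default.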