Forum: NGINX How to limit POST request per ip ?

2974d09ac2541e892966b762aad84943?d=identicon&s=25 justcyber (Guest)
on 2014-04-05 13:54
(Received via mailing list)
How to limit POST request per ip ?

Need some of:

  limit_except POST {
    limit_req zone=postlimit burst=10 nodelay;
  }

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,249032,249032#msg-249032
A8108a0961c6087c43cda32c8616dcba?d=identicon&s=25 Maxim Dounin (Guest)
on 2014-04-06 00:08
(Received via mailing list)
Hello!

On Sat, Apr 05, 2014 at 07:54:21AM -0400, justcyber wrote:

> How to limit POST request per ip ?
>
> Need some of:
>
>   limit_except POST {

Just a side note: "limit_except POST" means the opposite to what
you ask above.

>     limit_req zone=postlimit burst=10 nodelay;
>   }

It is possible to limit only subset of requests by using
the fact that limit_req doesn't limit anything if it's
variable evaluates to an empty string, see
http://nginx.org/r/limit_req_zone.

That is, instead of

    limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

we need something like

    limit_req_zone $limit zone=one:10m rate=1r/s;

where the $limit variables is empty for non-POST requests (as we
don't want to limit them), and evaluates to $binary_remote_addr
for POST requests.  Such a variable can be easily constructed
using the map module (see http://nginx.org/r/map):

    map $request_method $limit {
        default         "";
        POST            $binary_remote_addr;
    }

--
Maxim Dounin
http://nginx.org/
C589cc5e9ac9e69b9e3d219b671de89e?d=identicon&s=25 Jeroen Ooms (Guest)
on 2014-05-07 00:17
(Received via mailing list)
On Sat, Apr 5, 2014 at 3:07 PM, Maxim Dounin <mdounin@mdounin.ru> wrote:
>
> we need something like
>
>     limit_req_zone $limit zone=one:10m rate=1r/s;
>
> where the $limit variables is empty for non-POST requests (as we
> don't want to limit them), and evaluates to $binary_remote_addr
> for POST requests.

A follow-up question: are requests that hit the cache counted in the
limit_req_zone? I would like to enforce a limit on the POST requests
that actually hit the back-end; I don't mind additional requests that
hit the cache.
A8108a0961c6087c43cda32c8616dcba?d=identicon&s=25 Maxim Dounin (Guest)
on 2014-05-09 06:23
(Received via mailing list)
Hello!

On Tue, May 06, 2014 at 03:16:09PM -0700, Jeroen Ooms wrote:

> A follow-up question: are requests that hit the cache counted in the
> limit_req_zone? I would like to enforce a limit on the POST requests
> that actually hit the back-end; I don't mind additional requests that
> hit the cache.

Limits are checked (and counted) before a request is passed to a
content handler, hence all requests are counted, both cached and
not.  If you want to limit only requests which aren't cached, you
may do so, e.g., by adding an additional proxy layer with
limit_req.

--
Maxim Dounin
http://nginx.org/
Please log in before posting. Registration is free and takes only a minute.
Existing account

NEW: Do you have a Google/GoogleMail, Yahoo or Facebook account? No registration required!
Log in with Google account | Log in with Yahoo account | Log in with Facebook account
No account? Register here.