Step: 1 Defining zone in server or http block
Step 2: adding rules in location block.
Step: 1 Defining Rate limit zone in nginx server or http block
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
10m is size of zone. 1MB can hold 16000 states. I think this means 16000 unique IP addresses. In case you have way too many sites or very high traffic sites, you may want to increase it to 20MB or 100MB.
limit_req_zone $binary_remote_addr zone=ratelimitzone:10m rate=30r/m;
1 requests per 2 seconds
limit_req_zone $binary_remote_addr zone=ratelimitzone:10m rate=10r/m;
1 request for 6 seconds
limit_req_zone $binary_remote_addr zone=one:10m rate=3r/m;
3 request for m
limit_req_zone $binary_remote_addr zone=ratelimitzone:10m rate=1r/s;
1 request for 1 second
Step 2: adding rate limit rules in nginx location block.
limit_req zone=one burst=10 delay=5;
Nginx Rate limiting configuration in http server block
ngnx.conf or domain.conf
at http or server blockl
limit_req_zone $binary_remote_addr zone=basic_limit:10m rate=3r/s;
Sample Nginx rate limit configuration in location block
server {
location /search/ {
limit_req zone=one;
}
Nginx Rate limiting burst explained specific url location
server {
location /search/ {
limit_req zone=one burst=5;
}
allow not more than 1 request per second at an average, with bursts not exceeding 5 requests./ second.
rate of 1r/s, and a burst of 3. NGINX receives 5 requests at the same time:
* The first one is accepted and processed
* Because you allow 1+3, there’s 1 request which is immediately rejected, with a 503 status code
* The 3 other ones will be treated, one by one, but not immediately. They will be treated at the rate of 1r/s to stay within the limit your set.
* The first one is accepted and processed
* Because you allow 1+3, there’s 1 request which is immediately rejected, with a 503 status code
* The 3 other ones will be treated, one by one, but not immediately. They will be treated at the rate of 1r/s to stay within the limit your set.
Nginx Rate limit burst nodelay explained
server {
location /search/ {
limit_req zone=one burst=5 nodelay;
}
errors in nginx error log:
limiting requests, excess: 10.200 by zone “one”,
Nginx Rate limiting burst delay explained
burst requests will be processed with some delay,
server {
location /search/ {
limit_req zone=one burst=5 delay=10;
}
delay in ms.
errors in nginx error log:
delaying request, excess: 29.800, by zone “one”,
delaying request, excess: 5.200, by zone “one”,
delaying request, excess: 5.600
delaying request, excess: 5.200, by zone “one”,
delaying request, excess: 5.600
nginx rate limiting not working
the case is you put rate limit zone and the rate limit rules in at same block.
http block or server block.
place one snippet in location block and another in server or http block.
understanding rate limiting in nginx error log
delaying request, excess: 1.000, by zone “one” 1/r sec with burst.
limiting requests, excess: 10.200 by zone “one”,
limit reached timeout error occurs.
Blocking IP with Fail2ban and nginx rate limiting
fail2ban looks into nginx error log, if the ip the address repeatedly based on maxretry and in specified time find, that will be for a given period hours, week, days etc.