Welcome! Log In Create A New Profile

Advanced

limit_req seems to have no effect, but I would prefer it did

October 09, 2012 05:20AM
I'm attempting to rate limit requests, and I'm unable to make the limit_req directive have any effect. I've trimmed it down to a minimal test case. Here's my complete nginx.conf (with only the server_name changed to protect the innocent):

----------------------------------------------------------------------
worker_processes 2;

events {
worker_connections 8192;
}

http {
#keepalive_timeout 0s;
#keepalive_requests 0;
#limit_conn_zone $binary_remote_addr zone=conn_res:10m;
#limit_conn conn_res 1;
limit_req_zone $binary_remote_addr zone=req_res:10m rate=1r/s;
limit_req zone=req_res;

server {
listen 80;
server_name example.com *.example.com;
location / {
return 410;
}
}
}
----------------------------------------------------------------------

I've tried various combinations of burst=2, nodelay, 1r/s or 1r/m, with and without limit_conn, with and without keepalive, with and without "location /", etc... and requests are never being limited, as shown by the access.log entries below:

----------------------------------------------------------------------
while true; do
curl 55.55.55.55 -H'Host: test.example.com'
done

12.34.56.78 - - [09/Oct/2012:08:47:03 +0000] "GET / HTTP/1.1" 410 158 "-" "curl/7.21.1 (i686-pc-mingw32) libcurl/7.21.1 OpenSSL/0.9.8r zlib/1.2.3"
12.34.56.78 - - [09/Oct/2012:08:47:03 +0000] "GET / HTTP/1.1" 410 158 "-" "curl/7.21.1 (i686-pc-mingw32) libcurl/7.21.1 OpenSSL/0.9.8r zlib/1.2.3"
12.34.56.78 - - [09/Oct/2012:08:47:03 +0000] "GET / HTTP/1.1" 410 158 "-" "curl/7.21.1 (i686-pc-mingw32) libcurl/7.21.1 OpenSSL/0.9.8r zlib/1.2.3"
12.34.56.78 - - [09/Oct/2012:08:47:04 +0000] "GET / HTTP/1.1" 410 158 "-" "curl/7.21.1 (i686-pc-mingw32) libcurl/7.21.1 OpenSSL/0.9.8r zlib/1.2.3"
etc...
----------------------------------------------------------------------

The error.log file is empty. I'm running nginx 1.3.7, compiled from source, on an Amazon EC2 micro instance with the default image. (For kicks, I also tried 1.0.15, with no luck.) Here is /proc/version:

Linux version 3.2.21-1.32.6.amzn1.x86_64 (mockbuild@gobi-build-31004) (gcc version 4.4.6 20110731 (Red Hat 4.4.6-3) (GCC) ) #1 SMP Sat Jun 23 02:32:15 UTC 2012

Am I missing something obvious here?
SubjectAuthorPosted

limit_req seems to have no effect, but I would prefer it did

zildjohn01October 09, 2012 05:20AM

Re: limit_req seems to have no effect, but I would prefer it did

VBartOctober 09, 2012 06:16AM

Re: limit_req seems to have no effect, but I would prefer it did

zildjohn01October 10, 2012 09:17PM

Re: limit_req seems to have no effect, but I would prefer it did

VBartOctober 11, 2012 05:34AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 79
Record Number of Users: 7 on March 06, 2014
Record Number of Guests: 165 on April 21, 2014
Powered by nginx    Powered by FreeBSD    PHP Powered    Powered by Percona     ipv6 ready