Hey guys. I'm trying to rate-limit certain IP addresses using limit_req_zone and rewrites, as below:
    http {
        ...
        geo $limitMe {
            default 0;
            00.000.000.000 1; # some bad IP I want to limit
        }
        limit_req_zone $binary_remote_addr zone=limited:10m rate=20r/m; # define the limited zone to be 20r/m max
        server {
            server_name foo.com;
            listen 80;
            error_page 404 = @limitZone; # if the ip address is the bad address, go to the @limitZone named location
            if ($limitMe) {
                return 404;
            }
            location / {
                root /some/folder/;
            }
            location @limitZone { # this location is just supposed to rate-limit requests, but then redirect them to their original intended location
                limit_req zone=limited burst=10 nodelay;
                rewrite ^ $uri last;
            }
        }
    }
The problem is that the limit_req zone seems to no longer apply when I do the rewrite from @limitZone. I can send way more than 20 requests per second at the bad IP (I set it to be my own IP for testing).
- requests from the bad IP get directed to @limitZone as expected
- if @limitZone is a copy of location / ("root /some/folder/;" instead of "rewrite ^ $uri last") EVERYTHING WORKS FINE, RATE LIMIT TAKES EFFECT
So there's something with my rewrite statement, or the limit_req_zone is somehow incompatible with redirections? Any help will be appreciated, I've been stuck on this for hours.
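
One way to throttle only the flagged address without the error_page and rewrite detour, as an added example that is not part of the original post: rewrite directives run before limit_req is evaluated, so a location whose rewrite always fires never reaches the limit. The variable name $limit_key and the address 192.0.2.10 are assumptions made for this example; the rest mirrors the config above.

```nginx
# Added example, not the poster's config.
http {
    # Flag the clients that should be throttled.
    geo $limitMe {
        default     0;
        192.0.2.10  1;   # constructed placeholder for the address to throttle
    }

    # Requests with an empty key are not accounted by limit_req_zone,
    # so only flagged clients get a key (their own address) and a limit.
    # $limit_key is a hypothetical variable name chosen for this example.
    map $limitMe $limit_key {
        0  "";
        1  $binary_remote_addr;
    }

    limit_req_zone $limit_key zone=limited:10m rate=20r/m;

    server {
        server_name foo.com;
        listen 80;

        location / {
            # limit_req is applied in the location that serves the request,
            # after the rewrite phase, so no internal redirect can skip it.
            limit_req zone=limited burst=10 nodelay;
            limit_req_status 429;
            root /some/folder/;
        }
    }
}
```

Check the syntax with nginx -t before reloading. Requests from the flagged address beyond the burst are rejected with 429, while all other clients are not counted against the zone.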