Welcome! Log In Create A New Profile

Advanced

nginx, limit_conn_zone $request_body not working

Posted by akupchanko 
nginx, limit_conn_zone $request_body not working
December 22, 2020 03:41PM
I would like to limit some nginx location and avoid two parallel FastCGI threads for the same POST data ($request_body).

I've added a limit connection zone and configured connection limit on a location:


log_format postdata '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" "$request_body" /$upstream_cache_status/';

limit_conn_zone $request_body zone=tco_body:10m;

server {
.....
access_log /var/log/nginx/www.example.com_access.log postdata;

location ~ ^/billing/modules/gateways/callback/tco.php$ {
client_body_buffer_size 16m;
limit_conn tco_body 1;
limit_conn_log_level info;
limit_conn_status 429;

fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}

fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
client_max_body_size 64M;
fastcgi_pass 127.0.0.1:9901;
}


but unfortunately nginx still can accept and send to php-fpm backend two requests with the same POST data at the same moment.

Nginx logs $request_body correctly when limit_conn is disabled. But I have noticed another weird behavior - access log doesn't contain $request_body when limit_conn is enabled on this location and there's only "-".


xx.xx.xx.xx - - [22/Dec/2020:07:10:45 -0800] "POST /billing/modules/gateways/callback/tco.php HTTP/2.0" 200 315 "-" "Guzzle/6.2.1" "-" /-/

I tried to apply this limit on nginx/1.14.2 (from Debian apt repository) and nginx/1.19.6 (from the official nginx repository). Debian 10.

Does anyone have a suggestion on what do I miss on this setup to make it work as expected?
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 58
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready