Hi all:

I'm trying to understand the HttpLimitReqModule, the wiki is a bit
unverbose about the terminology.
I'm trying to mimic Apache's mod_evasive module, specifically there is
an annoying user that likes to request the same image once every
second for hours at a time. I would like to log this and then use
fail2ban to block the IP for a specific time. The problem is that the
image in question is a legitimate request that shows up on every page
of the site in question. What I had in mind:

limit_req_zone $binary_remote_addr zone=one:1m rate=50r/m;
#offending user: 60r/m

server {
location = /path/to/image.jpg {
limit_req zone=one burst=???;
limit_req_log_level error
}

The problem is the low rate with which the offending requests are
made. mod_evasive lets you set up a timespan in which a specific
number of requests are made, while nginx checks "online" if a second
request is made after 1/rate. In my case (1 offending request per
second), legitimate users would be blocked if they load 2 pages in one
second, which of course happens frequently.

Any suggestions?

Thanks,
Adrian

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx