I'm attempting to rate limit requests, and I'm unable to make the limit_req directive have any effect. I've trimmed it down to a minimal test case. Here's my complete nginx.conf (with only the server_name changed to protect the innocent):
----------------------------------------------------------------------
worker_processes 2;
events {
worker_connections 8192;
}
http {
#keepalive_timeout 0s;
#keepalive_requests 0;
#limit_conn_zone $binary_remote_addr zone=conn_res:10m;
#limit_conn conn_res 1;
limit_req_zone $binary_remote_addr zone=req_res:10m rate=1r/s;
limit_req zone=req_res;
server {
listen 80;
server_name example.com *.example.com;
location / {
return 410;
}
}
}
----------------------------------------------------------------------
I've tried various combinations of burst=2, nodelay, 1r/s or 1r/m, with and without limit_conn, with and without keepalive, with and without "location /", etc... and requests are never being limited, as shown by the access.log entries below:
----------------------------------------------------------------------
while true; do
curl 55.55.55.55 -H'Host: test.example.com'
done
12.34.56.78 - - [09/Oct/2012:08:47:03 +0000] "GET / HTTP/1.1" 410 158 "-" "curl/7.21.1 (i686-pc-mingw32) libcurl/7.21.1 OpenSSL/0.9.8r zlib/1.2.3"
12.34.56.78 - - [09/Oct/2012:08:47:03 +0000] "GET / HTTP/1.1" 410 158 "-" "curl/7.21.1 (i686-pc-mingw32) libcurl/7.21.1 OpenSSL/0.9.8r zlib/1.2.3"
12.34.56.78 - - [09/Oct/2012:08:47:03 +0000] "GET / HTTP/1.1" 410 158 "-" "curl/7.21.1 (i686-pc-mingw32) libcurl/7.21.1 OpenSSL/0.9.8r zlib/1.2.3"
12.34.56.78 - - [09/Oct/2012:08:47:04 +0000] "GET / HTTP/1.1" 410 158 "-" "curl/7.21.1 (i686-pc-mingw32) libcurl/7.21.1 OpenSSL/0.9.8r zlib/1.2.3"
etc...
----------------------------------------------------------------------
The error.log file is empty. I'm running nginx 1.3.7, compiled from source, on an Amazon EC2 micro instance with the default image. (For kicks, I also tried 1.0.15, with no luck.) Here is /proc/version:
Linux version 3.2.21-1.32.6.amzn1.x86_64 (mockbuild@gobi-build-31004) (gcc version 4.4.6 20110731 (Red Hat 4.4.6-3) (GCC) ) #1 SMP Sat Jun 23 02:32:15 UTC 2012
Am I missing something obvious here?
