For the life of me I can't seem to get my configuration correct to limit
requests. I'm running nginx 1.5.1 and have it serving up static content and
pushing all non-existent requests to the apache2 proxy backend for serving
up. I don't want to limit any requests to static content but do want to
limit requests to the proxy. It seems no matter what I put in my
configuration I continue to see entries in the error log for ip addresses
which are not breaking the rate limit.

2013/11/12 20:55:28 [warn] 10568#0: *1640292 delaying request, excess:
0.412, by zone "proxyzone" client ABCD

I've tried using a map in the top level like so

limit_req_zone $limit_proxy_hits zone=proxyzone:10m rate=4r/s;

map $request_filename $limit_proxy_hits
{
default "";
~/$ $binary_remote_addr; (only limit filename requests ending in
slash as we may have something.php which should not be limited)
}

yet when i look at the logs, ip ABCD has been delayed for a url ending in
slash BUT when i look at all proxy requests for the IP, it is clearly not
going over the limit. It really seems that no matter what, the
limit_req_zone still counts static content against the limit or something
else equally as confusing.

I've also attempted

limit_req_zone $limit_proxy_hits zone=proxyzone:10m rate=4r/s;

and then use $limit_proxy_hits inside the server/location

server
{
set $limit_proxy_hits "";

location /
{
set $limit_proxy_hits $binary_remote_addr;
}
}

and while the syntax doesn't bomb, it seems to exhibit the exact same
behavior as above as well.

ASSERT:

a) When i clearly drop 40 requests from an ip, it clearly lays the smack
down on a ton of requests as it should
b) I do a kill -HUP on the primary nginx process after each test
c) I keep getting warnings on requests from ip's which are clearly not
going over the proxy limit
d) I have read the leaky-bucket algorithm and unless i'm totally missing
something a max of 4r/s should always allow traffic until we start to go
OVER 4r/s which isn't the case.

The documentation doesn't have any real deep insight into how this works
and I could really use a helping hand. Thanks!
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx