Welcome! Log In Create A New Profile

Advanced

Re: Exclude ip's from Nginx limit_req zone

B.R.
December 21, 2014 11:26AM
I am highly suspicious about the content found at the address pointed by
the link provided by mex.
Unless I am mistaken, the variable filled by the geo module is not used
anywhere else... thus I guess the limiting works OK, but the 'white-list'
feature probably does not work, as it was expected/advertised.
TL;DR: it probably does not work.

==========

Francis gave you an answer which is working. I will try to explain it with
other words, hoping you will understand what to do.

The limit_* modules (req and conn) filter requests based on a variable,
which content is used as a key. If you use $binary_remote_addr there, nginx
will keep counters per (non empty) each value of the key and limit each of
them. In that case, each unique non-empty value is the binary IP address of
a client.

Now, you want to exclude clients from that list, so you cannot use it
directly. The trick you can use to exclude requests from being limited by
the limit_* module is ensuring that requests that should be unlimited
provide an empty value for the variable used by these modules.
Since you base your limit_* behavior on IP addresses, you thus need to set
an "empty" IP address for whitelisted addresses, so they are unlimited.

How to get that filtered list? nginx's map module allows you to fill a
variable depending on the value of another, used as a key.
That idea there is that if your key says "should not limit" (or, say, 0),
the new variable should be empty, while in all other cases the new variable
should contain $binary_remote_addr.
That gives you the last map Francis provided:
map $should_limit $filter {
default $binary_remote_addr;
0 "";
}
You wanna use the $filter variable on your limiter.

Now, for each request, you want to fill up this $should_limit variable with
0 for unlimited requests and anything else (say, 1) to limit them.
That is where the geo module kicks in, where you set the default value of
the variable it is working on with 1, and put rules matching the
white-listed IP addresses associated with the value 0.

Read the answer from Francis in the light of this attempt at explaining it
step-by-step.
The goal of the first part of his message was to explain why this 2-steps
process is mandatory, due to limitations in the inner workings of the geo
directive.

Hoping to have cleared things a little...
---
*B. R.*

On Sun, Dec 21, 2014 at 4:11 PM, ASTRAPI <nginx-forum@nginx.us> wrote:

> Thanks for your replies but i am confused now :(
>
> Can anyone please try to post:
>
> What i must add to main nginx config at:
>
> http { ?
>
>
> and what to add to the nginx domain config file at:
>
> server { ?
>
>
> Target is to have connections limit per ip 20 and requests limits per ip to
> 40 and requests burst up to 80 !
>
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,255697,255710#msg-255710
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Exclude ip's from Nginx limit_req zone

ASTRAPI December 20, 2014 06:18PM

Re: Exclude ip's from Nginx limit_req zone

mex December 21, 2014 05:25AM

Re: Exclude ip's from Nginx limit_req zone

Martin Frb December 21, 2014 05:52AM

Re: Exclude ip's from Nginx limit_req zone

ASTRAPI December 21, 2014 07:17AM

Re: Exclude ip's from Nginx limit_req zone

Francis Daly December 21, 2014 09:42AM

Re: Exclude ip's from Nginx limit_req zone

ASTRAPI December 21, 2014 10:11AM

Re: Exclude ip's from Nginx limit_req zone

B.R. December 21, 2014 11:26AM

Re: Exclude ip's from Nginx limit_req zone

ASTRAPI December 21, 2014 01:36PM

Re: Exclude ip's from Nginx limit_req zone

ASTRAPI December 24, 2014 09:01AM

Re: Exclude ip's from Nginx limit_req zone

Maxim Dounin December 24, 2014 09:34AM

Re: Exclude ip's from Nginx limit_req zone

ASTRAPI December 24, 2014 02:36PM

Re: Exclude ip's from Nginx limit_req zone

Maxim Dounin December 25, 2014 08:14AM

Re: Exclude ip's from Nginx limit_req zone

ASTRAPI December 25, 2014 01:32PM

Re: Exclude ip's from Nginx limit_req zone

ASTRAPI December 29, 2014 05:13PM

Re: Exclude ip's from Nginx limit_req zone

ASTRAPI January 03, 2015 07:35PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 92
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready