Hi, I currently have an nginx configuration that uses the limit_req directive to throttle upstream content requests. Now I'm trying to add similar rate limiting for auth requests, but I haven't been able to get the auth throttle to kick in during testing (whereas the content throttle works as expected). Is there some known limitation of using limit_req against auth_request requests, or do I simply have a problem in my configuration? Thank you.
http {
map $request_uri $guid {
default "unknown";
~^/out/(?P<id>.+?)/.+$ $id;
}
map $http_x_forwarded_for $last_client_ip {
default $http_x_forwarded_for;
~,\s*(?P<last_ip>[\.\d]+?)\s*$ $last_ip;
}
limit_req_zone $guid zone=content:20m rate=500r/s;
limit_req_zone $guid zone=auth:20m rate=100r/s;
server {
location /out/ {
auth_request /auth;
proxy_pass $upstream_server;
proxy_cache content_cache;
set $cache_key "${request_path}";
proxy_cache_key $cache_key;
proxy_cache_valid 200 301 302 10s;
#Throttling works here <---
limit_req zone=content burst=50 nodelay;
limit_req_status 429;
}
location /auth {
internal;
proxy_pass_request_body off;
proxy_pass $upstream_server/auth?id=$guid&requestor=$last_client_ip;
proxy_cache auth_cache;
set $auth_cache_key "${guid}|${last_client_ip}";
proxy_cache_key $auth_cache_key;
proxy_cache_valid 200 301 302 5m;
proxy_cache_valid 401 403 404 5m;
#Throttling seems not to work here <---
limit_req zone=auth burst=50 nodelay;
limit_req_status 429;
}
}
}