Welcome! Log In Create A New Profile

Advanced

how to configure request rate limiting by Kerberos authenticated user?

Nica, George
August 05, 2020 05:22PM
Hi,

We are currently using "limit_req_zone $binary_remote_addr" for rate limiting. However, some of our users are connecting from more than one IP address, using clients running on computer grids.
We wanted to do request rate limiting by authenticated user (in addition to the existing one by $binary_remote_addr).
Is there any way we could do request rate limiting based on authenticated user?
We use Kerberos for authentication, using ngx_http_auth_spnego_module (https://github.com/stnoonan/spnego-http-auth-nginx-module).
We tried "limit_req_zone $remote_user zone=user:10m rate=20r/s;" and "limit_req zone=user burst=20;" but the key was apparently empty - all requests, from all users, were getting limited (all bunched under one key). However, interestingly, $remote_user is passed fine to the upstream using "proxy_set_header X-Forwarded-User $remote_user;"... Apparently $remote_user only works for request limiting when using basic authentication.
Thank you for any suggestions/pointers.

Best,
George

----------------------------------------------------------------------
This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message.
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

how to configure request rate limiting by Kerberos authenticated user?

Nica, George August 05, 2020 05:22PM

Re: how to configure request rate limiting by Kerberos authenticated user?

Maxim Dounin August 05, 2020 08:36PM

Re: how to configure request rate limiting by Kerberos authenticated user?

George Nica August 06, 2020 11:27AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 53
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready