Re: limit_conn_zone using $http_ variable not working?

Alan Jackson
May 09, 2022 05:32PM
Thanks for the reply. Helped me along the right path - debug logging was very useful.

In the end I used real_ip module to rewrite with Client-IP:

set_real_ip_from 127.0.0.1;
real_ip_header Client-IP;

And now the $binary_remote_addr contains the original remote client IP.

limit_conn_zone $binary_remote_addr zone=perip:10m;

Log lines are also now useful, and display the original remote client IP :)

Regards,
--Alan


> The "client: 127.0.0.1" part in the above log represents client address
> you previously claimed to contain "127.0.0.1", which is fine.
> The limit_conn_zone key evaluated content is logged at the debug level.


----- Original Message -----
From: "Sergey Kandaurov" <pluknet@nginx.com>
To: "nginx" <nginx@nginx.org>
Sent: Friday, 6 May, 2022 10:18:00 PM
Subject: Re: limit_conn_zone using $http_ variable not working?

> On 6 May 2022, at 03:54, Alan Jackson <alan.jackson@netvalue.nz> wrote:
>
> Hi,
>
> I'm trying to use rate limiting on an nginx mail proxy->nginx fastcgi backend to restrict the number of concurrent connections from a client's IP. Unfortunately, I can't use proxy_protocol on the mail proxy side due to the nginx version not supporting it.
>
> Using debug logging, I know that the nginx mail proxy is passing through an http header 'Client-IP' which contains the originating client IP.
>
> I've confirmed that in the http backend, the variable $http_client_ip contains the originating request's client ip ($binary_remote_addr just contains 127.0.0.1 due to the proxy), and that setting a return http header using this variable works just fine.
>
> However, when I try to use limit_conn_zone with the $http_client_ip variable, it is not behaving as I expect:
>
> "limit_conn_zone $http_client_ip zone=perip:10m;"
>
> Results in log lines like:
>
> "limiting connections, dry run, by zone "perip", client: 127.0.0.1, server: _, request: "GET /mail_auth.php HTTP/1.0"
>
> which doesn't look like the variable is being instantiated properly (client is still 127.0.0.1).
>


> Is using an $http_ variable expected to work in a limit_conn_zone config like this?
>

Yes, it is.

_______________________________________________
nginx mailing list -- nginx@nginx.org
To unsubscribe send an email to nginx-leave@nginx.org
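
The directives from the reply above, assembled into one backend configuration as an added example (not from the thread or from the nginx project). The listen address, log path, FastCGI socket, script path and the limit of 5 are assumed values, and the realip module has to be compiled in (--with-http_realip_module).

```nginx
# Added example; values marked "assumed" do not come from the thread.
events {}

http {
    # Rewrite the client address from the Client-IP header only when the
    # TCP peer is the local mail proxy. From any other peer the header is
    # ignored, so a directly connecting client cannot choose its own key.
    set_real_ip_from 127.0.0.1;
    real_ip_header   Client-IP;

    # After the rewrite, $binary_remote_addr holds the original client and
    # $realip_remote_addr keeps the address of the peer that connected.
    limit_conn_zone $binary_remote_addr zone=perip:10m;

    # Log both addresses and the limiter's verdict so that a rewritten
    # address can always be traced back to the peer that supplied it.
    log_format auth '$remote_addr via $realip_remote_addr "$request" '
                    '$status limit_conn=$limit_conn_status';

    server {
        listen 127.0.0.1:8080;                          # assumed
        access_log /var/log/nginx/mail_auth.log auth;   # assumed path

        location = /mail_auth.php {
            limit_conn         perip 5;   # assumed limit per client address
            limit_conn_dry_run on;        # log only, as in the "dry run" log line
            include       fastcgi_params;
            fastcgi_param SCRIPT_FILENAME /srv/mail/mail_auth.php;  # assumed
            fastcgi_pass  unix:/run/php-fpm.sock;                   # assumed
        }
    }
}
```

With the zone keyed on `$http_client_ip` instead, the key is whatever header value the peer sent, and requests with an empty key are not accounted by limit_conn at all.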