The ngx_http_limit_req_module
module limits the request processing rate
per a defined key. The module directives include the mandatory
limit_req_zone
and limit_req
directives and an optional
limit_req_status
directive.
The limit_req_zone
directive defines the parameters for the rate limiting.
Syntax | limit_req_zone key zone=name:size rate=rate [sync]; |
---|---|
Default | — |
Context | HTTP |
NGINX configuration sample | limit_req_zone $binary_remote_addr zone=global_limit_zone1:10m rate=1r/s ;
limit_req_zone $ip_limit_action zone=global_limit_zone2:10m rate=2r/s ;
|
The limit_req
directive enables rate limiting within the context where it
appears.
Syntax | limit_req zone=name [burst=number] [nodelay | delay=number]; |
---|---|
Default | — |
Context | HTTP, server, location |
NGINX configuration sample | limit_req zone=global_limit_zone1 burst=2 ;
limit_req zone=global_limit_zone2 burst=4 nodelay ;
|
The limit_req_status
directive sets the status code to return in
response to rejected requests.
Syntax | limit_req_status code; |
---|---|
Default | limit_req_status 503; |
Context | http, server, location that corresponds to the
nginx:server and nginx:server:site definitions of a pillar. |
NGINX configuration sample | limit_req_status 429;
|
Example of a Salt pillar for limit_req_zone and limit_req:
nginx:
server:
limit_req_module:
limit_req_zone:
global_limit_zone1:
key: binary_remote_addr
size: 10m
rate: '1r/s'
global_limit_zone2:
key: ip_limit_action
size: 10m
rate: '2r/s'
limit_req_status: 429
limit_req:
global_limit_zone1:
burst: 2
enabled: true
global_limit_zone2:
burst: 4
enabled: true
nodelay: true
In the configuration example above, the states are kept in a 10 megabyte
global_limit_zone1
and global_limit_zone2
zones. An average request
processing rate cannot exceed 1
request per second for
global_limit_zone1
and 2
requests per second for
global_limit_zone2
.
The $binary_remote_addr
, a client’s IP address, serves as a key for the
global_limit_zone1
zone. And the mapped $ip_limit_action
variable is
a key for the global_limit_zone2
zone.
To apply the request limiting to a particular site, define the limit_req
on a site level. For example:
nginx:
server:
site:
nginx_proxy_openstack_api_keystone:
limit_req_module:
limit_req:
global_limit_zone:
burst: 5
nodelay: true
enabled: true