Dynamic Limit Req#
The module provides dynamic blocking of IP addresses when request limits are exceeded,
and automatically removes the block after the specified time. Load the module in the Detailed documentation and source code are available at:
limithit/ngx_dynamic_limit_req_moduleLoading the module#
main{} context:load_module modules/ngx_http_dynamic_limit_req_module.so;
Configuration example#
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
dynamic_limit_req_zone $binary_remote_addr zone=one:10m rate=100r/s redis=127.0.0.1 block_second=300;
dynamic_limit_req_zone $binary_remote_addr zone=two:10m rate=50r/s redis=127.0.0.1 block_second=600;
dynamic_limit_req_zone $binary_remote_addr zone=sms:5m rate=5r/m redis=127.0.0.1 block_second=1800;
server {
listen 80;
server_name localhost;
location / {
if ($http_x_forwarded_for) {
return 400;
}
root html;
index index.html index.htm;
dynamic_limit_req zone=one burst=100 nodelay;
dynamic_limit_req_status 403;
}
error_page 403 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name localhost2;
location / {
root html;
index index.html index.htm;
set $flag 0;
if ($document_uri ~* "regist") {
set $flag "${flag}1";
}
if ($request_method = POST) {
set $flag "${flag}2";
}
if ($flag = "012") {
dynamic_limit_req zone=sms burst=3 nodelay;
dynamic_limit_req_status 403;
}
if ($document_uri ~* "getSmsVerifyCode.do") {
dynamic_limit_req zone=sms burst=5 nodelay;
dynamic_limit_req_status 444;
}
dynamic_limit_req zone=two burst=50 nodelay;
dynamic_limit_req_status 403;
}
error_page 403 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
Additional information#
Content