I'm looking for an approach to synchronize rate-limited IPs between nginx nodes.
I want to log these IPs, then push them into a database and develop an agent to update blocked IPs in the nginx config files.
My challenge is to find a way to get the IPs that nginx limited with a 429 status code.
So, is it possible to log rate-limited IPs into a specific file in nginx, or do you suggest any other approach to synchronize rate-limited IPs between nodes?
Best Answer
Yes, you can do that, and a similar example is even in the nginx documentation.
The access_log directive also takes an optional if= parameter which evaluates variables given to it, and logs only if the result is not 0 or an empty string. Combined with the fact that you can have more than one access_log in a level, you can log differently based on your needs.
First, though, you will need a map to map the HTTP response status you are interested in to a variable. Remember that map must be outside the server block.
Then in the relevant server block you will declare your access_log.
Remember that any appearance of access_log in one level overrides all others from higher levels, so you will want to copy (or better, include) the access_log directives from higher levels that you also want to use.
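A configuration along the lines the answer describes, added here as an illustration and not taken from the original answer or the nginx documentation. The zone name, rate, variable name, log format name, server name and file paths are assumptions.

```nginx
# Added example; zone name, rate, log paths and format name are assumptions.
# Everything above the server block belongs in the http context.

# Per-client-IP rate limit; rejected requests get 429 instead of the default 503.
limit_req_zone $binary_remote_addr zone=per_ip:10m rate=10r/s;
limit_req_status 429;

# 1 only for responses that ended with status 429, 0 otherwise.
map $status $rate_limited {
    429     1;
    default 0;
}

# One line per rejected request, easy for a sync agent to parse.
log_format ratelimit '$time_iso8601 $remote_addr $status "$request"';

server {
    listen 80;
    server_name example.com;

    # Declaring access_log at this level overrides inherited ones,
    # so the normal access log is restated here.
    access_log /var/log/nginx/access.log combined;

    # Written only when $rate_limited is neither 0 nor empty.
    access_log /var/log/nginx/ratelimited.log ratelimit if=$rate_limited;

    location / {
        limit_req zone=per_ip burst=20 nodelay;
        root /usr/share/nginx/html;
    }
}
```

Because the map keys on $status, a 429 produced by a proxied upstream or by a return directive is logged to the same file, so the agent should treat the file as "responses that ended in 429" rather than strictly "requests rejected by limit_req".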