Nginx: Bypass rate limiting with header

nginx rate-limiting

This answer is perfect for dealing with bypassing rate limiting with IP addresses.

If I need to bypass rate limiting with a secret header, how do I achieve this?

Ref:

http {
    geo $whitelist {
        default 0;
        # CIDR in the list below are not limited
        1.2.3.0/24 1;
        9.10.11.12/32 1;
        127.0.0.1/32 1;
    }
    map $whitelist $limit {
        0     $binary_remote_addr;
        1     "";
    }
    limit_conn_zone      $limit    zone=connlimit:10m;

    limit_conn           connlimit 5;
    limit_conn_log_level warn;   # logging level when threshold exceeded
    limit_conn_status    503;    # the error code to return
}

Best Answer

The usual reason for these questions is that most of these directives cannot be used from within the context of the if statement, hence, how would one be able to conditionally specify different limits?

The answer is to use intermediate variables — just as in the linked answer, set the limits using variables, where, subsequently, the values of those variables would differ depending on a map or an if statement.

http {
    map $http_x_secret_header $limit {
        default      $binary_remote_addr;
        secretvalue  "";
    }
    limit_conn_zone      $limit    zone=connlimit:10m;
    …
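
A header value used this way is a shared secret, so any client that learns it is no longer limited; the configuration below, an added example that is not part of the original answer, exempts a request only when the header arrives from an allowlisted source address and strips the header before proxying. The address range, ports, upstream address and the variable name `$bypass_net` are assumptions for illustration.

```nginx
# Added example (not from the original answer). Constructed values:
# 192.0.2.0/24, ports 8080/8081, the upstream address and $bypass_net.
events {}

http {
    # 1 = this source address may present the bypass header at all.
    geo $bypass_net {
        default        0;
        192.0.2.0/24   1;   # constructed: internal monitoring range
        127.0.0.1/32   1;
    }

    # The lookup key is "<geo result>:<header value>". Only the exact pair
    # yields an empty key; requests with an empty key are not accounted
    # by limit_conn_zone. Everything else is limited per client address.
    map "$bypass_net:$http_x_secret_header" $limit {
        default           $binary_remote_addr;
        "1:secretvalue"   "";
    }

    limit_conn_zone      $limit    zone=connlimit:10m;
    limit_conn           connlimit 5;
    limit_conn_log_level warn;   # logging level when threshold exceeded
    limit_conn_status    503;    # the error code to return

    server {
        listen 8080;

        location / {
            # An empty value means the header is not passed upstream,
            # so the secret does not reach application logs.
            proxy_set_header X-Secret-Header "";
            proxy_pass http://127.0.0.1:8081;
        }
    }
}
```

With this layout a leaked header value alone does not lift the limit, because the `geo` result for an outside address is `0` and the pair `0:secretvalue` falls through to `default`.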
