Nginx Rate Limiting – How to Exclude Location from NGINX Rate Limiting

nginxrate-limiting

I have both limit_req_zone and limit_req defined in the http block of nginx so it will apply to all server and location blocks.

Is there a way to exclude a certain location or server block from that limit?

nginx.conf:

http {
...
limit_req_zone $binary_remote_addr zone=main:10m rate=25r/s;
limit_req zone=main burst=100 nodelay;
limit_req_status 429;
...
}

myserver.conf:

server {
...
     location /web/ {
     directive_to_disable_ratelimit
     }
...
}

The only work-around I could think of was to set an obscenely high burst for the location or server I want to exclude. So effectively the limit would never be hit.

Best Answer

This config should work:

http {
    limit_req_zone $binary_remote_addr zone=main:10m rate=25r/s;
    limit_req_status 429;
    
    server {
    ...
        location / {
            limit_req zone=main burst=100 nodelay;

            ... other location directives
        }

        location /web {
            ... other location directives
        }
    }
}

nginx location selection algorithm will match first block on all requests except requests matching /web.

Related Topic