nginx – Rate Limiting with X-Forwarded-For Header

nginxrate-limiting

I'm looking into rate-limiting using nginx's HttpLimitReqModule. However, requests are all coming from the same IP (a loadbalancer), with the real IP address in the headers.

Is there a way to have nginx rate-limit based on the ip in the X-Forwarded-For header instead of the ip of the source?

Best Answer

Yes, typical rate-limiting configuration definition string looks like:

 limit_req_zone  $binary_remote_addr zone=zone:16m rate=1r/s;

where $binary_remote_addr is the unique key for limiter. You should try changing it to $http_x_forwarded_for variable which gets the value of X-Forwarded-For header. Although this will increase memory consumption because $binary_remote_addr is using compressed binary format for storing IP addresses and $http_x_forwarded_for is not.

 limit_req_zone  $http_x_forwarded_for zone=zone:16m rate=1r/s;

Related Solutions

Nginx – How to configure nginx to return 429 http code when rate limiting

Good news, with Version 1.3.15 http://mailman.nginx.org/pipermail/nginx/2013-March/038306.html

we have the "limit_req_status" and "limit_conn_status" directives. I just tested them on Gentoo Linux (note that you need to have the modules limit_req and limit_con compiled in).

With these settings I think you can achieve what you've asked for:

limit_req_status 429;
limit_conn_status 429;

I have verified this with a quick:

ab2 -n 100000 -c 55 "http://127.0.0.1/api/v1

On which most request failed after activating the directive due to the high request rate and the configured limit in nginx:

limit_req zone=api burst=15 nodelay;

Nginx Rate Limiting With CloudFlare

It's possible to rate limit using the IP from xff header sent by CF:

http {
limit_req_zone  "$http_x_forwarded_for" zone=zone:10m rate=2r/s;
server {

location /{
            limit_req zone=zone burst=5;
        }

more info: https://www.keycdn.com/blog/x-forwarded-for-cdn/

Best Answer

Related Solutions

Nginx – How to configure nginx to return 429 http code when rate limiting

Nginx Rate Limiting With CloudFlare

Related Topic