I'm looking into rate-limiting using nginx's HttpLimitReqModule. However, requests are all coming from the same IP (a loadbalancer), with the real IP address in the headers.
Is there a way to have nginx rate-limit based on the ip in the X-Forwarded-For
header instead of the ip of the source?
Best Answer
Yes, typical rate-limiting configuration definition string looks like:
where
$binary_remote_addr
is the unique key for limiter. You should try changing it to$http_x_forwarded_for
variable which gets the value ofX-Forwarded-For
header. Although this will increase memory consumption because$binary_remote_addr
is using compressed binary format for storing IP addresses and$http_x_forwarded_for
is not.