I have both limit_req_zone and limit_req defined in the http block of nginx so it will apply to all server and location blocks.

Is there a way to exclude a certain location or server block from that limit?

nginx.conf:

http {
...
limit_req_zone $binary_remote_addr zone=main:10m rate=25r/s;
limit_req zone=main burst=100 nodelay;
limit_req_status 429;
...
}

myserver.conf:

server {
...
     location /web/ {
     directive_to_disable_ratelimit
     }
...
}

The only work-around I could think of was to set an obscenely high burst for the location or server I want to exclude. So effectively the limit would never be hit.

1 Answer

This config should work:

http {
    limit_req_zone $binary_remote_addr zone=main:10m rate=25r/s;
    limit_req_status 429;

    server {
        # ...
        location / {
            limit_req zone=main burst=100 nodelay;

            # ... other location directives
        }

        location /web {
            # no limit_req here, so requests to /web are not rate limited
            # ... other location directives
        }
    }
}

nginx's location selection algorithm will match the first block on all requests except requests matching /web.

Tero Kilkanen
  • The `limit_req_zone` can be defined elsewhere, though, in case it is used in multiple places. – Michael Hampton Jul 13 '20 at 21:16
  • Tero I don't think I can reasonably move the 'main' limit_req_zone out of the http block though. There's hundreds of server blocks I need it to apply to, strewn throughout included conf files. I'm not sure if that's what @michael-hampton is getting at too. Also what if I wanted to exclude a whole server block from the 'main' zone limiting? Is that possible? – Finrod Felagund Jul 14 '20 at 16:04
  • @FinrodFelagund Right, `limit_req_zone` can remain where it is in the `http` block, as can `limit_req_status`. Then you just put `limit_req` in any `server` or `location` block where you need it. I would have liked to see something in nginx like `limit_req zone=whatever off;` but that doesn't seem to exist yet. – Michael Hampton Jul 14 '20 at 16:18
  • Got it, yeah that'd be nice if it existed. I wanted to avoid adding `limit_req` to each `server` block I need it (because of so many blocks and conf files) but looks like that may be my only option. Thanks for the help guys. – Finrod Felagund Jul 14 '20 at 16:39
  • @tero would you mind editing your answer to include the `limit_req_zone` defined in the http block instead and then I can accept? – Finrod Felagund Jul 14 '20 at 17:12
  • @FinrodFelagund Remember that if you have a lot of directives that are common, you can extract them to a separate file and `include` it wherever necessary. – Michael Hampton Jul 14 '20 at 18:46
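
One way to keep `limit_req` at the `http` level and still exempt a path or a whole virtual host, as an added example that is not from the original thread: nginx does not account requests whose `limit_req_zone` key is empty, so a `map` can blank the key for the exempt cases. The host name `static.example.com`, the variable names `$limit_key_by_uri` and `$limit_key`, and the `conf.d/*.conf` include path are assumptions.

```nginx
http {
    # Step 1: exempt by path. Requests under /web/ get an empty key;
    # everything else is keyed by client address as before.
    map $uri $limit_key_by_uri {
        default   $binary_remote_addr;
        ~^/web/   "";
    }

    # Step 2: exempt a whole server block by its server_name.
    # static.example.com is a placeholder for the virtual host to exclude.
    map $server_name $limit_key {
        default              $limit_key_by_uri;
        static.example.com   "";
    }

    # Same zone, rate, burst and status as in the question; only the key
    # changed. Requests with an empty key are not counted against the zone.
    limit_req_zone $limit_key zone=main:10m rate=25r/s;
    limit_req zone=main burst=100 nodelay;
    limit_req_status 429;

    # Existing server blocks stay untouched (path is a placeholder).
    include conf.d/*.conf;
}
```

`$uri` is the normalized URI after any rewrites, so the exemption follows the URI rather than the `location` that was selected; keep the exempt pattern as narrow as possible, since those requests bypass the `main` zone entirely.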