I have an application server sitting behind nginx, and in some cases (e.g. wrong password), I want to intentionally delay the response by 500ms or more.

Implementing this delay in the application server requires a bit of redesign.

Is it possible to somehow tell nginx, via a header, to delay the response?

(I know about the rate limiting as described at https://www.nginx.com/blog/rate-limiting-nginx/, but it seems to have some limitations; e.g. it categorizes by IP address so someone with 1000 proxies could bypass this -- correct me if I'm wrong. I am open to other ideas, of course.)

CaptainCodeman
  • Where does the password check happen? – Gerard H. Pille Dec 22 '20 at 18:31
  • In the application which is configured as a reverse proxy from nginx. – CaptainCodeman Dec 22 '20 at 18:40
  • I think that would be the best place to sleep a certain time before returning an answer. But don't forget, wherever you decide to block the response, you're wasting precious resources: server memory, open connections ... It would cost less to reject the next request from or for that account. – Gerard H. Pille Dec 22 '20 at 18:59
  • That's the problem; sleeping on the application service takes out a worker thread so multiple such requests will block the entire application or otherwise increase number of threads -- alternatively it requires a redesign to make certain processes asynchronous -- this is a massive change, which I'd like to avoid as we don't need it anywhere else. Thus I was asking if there is an nginx-based solution. – CaptainCodeman Dec 22 '20 at 20:42
  • I always prefer the simple solutions myself. What about the application rejecting logins for that account for a small time, increasing with each failed try. Alternative would be to inform Nginx about the failure, but Nginx would normally block based on IP address. – Gerard H. Pille Dec 22 '20 at 20:52
  • @GerardH.Pille That's a good solution, much better than stalling the server. Thanks for the suggestion! – CaptainCodeman Dec 22 '20 at 20:58
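
The approach the comments settle on (reject logins for the account for a period that grows with each failed try, instead of stalling a response), as an added Python example that is not part of the original thread. The class and function names, the 300-second cap and the in-memory store are assumptions for illustration.

```python
import time


class LoginThrottle:
    """Per-account lockout that doubles with each consecutive failed login.

    Nothing sleeps: a locked account is rejected at once, so no worker
    thread is held, and the key is the account, not the client IP.
    """

    def __init__(self, base_delay=0.5, max_delay=300.0, clock=time.monotonic):
        self.base_delay = base_delay  # 500 ms, the delay named in the question
        self.max_delay = max_delay    # assumed cap so lockouts stay bounded
        self.clock = clock            # injectable so tests need not wait
        # account -> (failures, locked_until). In-memory and per-process
        # (assumption); several workers would need a shared store.
        self._state = {}

    def retry_after(self, account):
        """Seconds until the account may try again, 0.0 if allowed now."""
        _, locked_until = self._state.get(account, (0, 0.0))
        return max(0.0, locked_until - self.clock())

    def record_failure(self, account):
        """Count a failed login and return the new lockout in seconds."""
        failures, _ = self._state.get(account, (0, 0.0))
        failures += 1
        exponent = min(failures - 1, 32)  # bound the power before capping
        delay = min(self.base_delay * 2 ** exponent, self.max_delay)
        self._state[account] = (failures, self.clock() + delay)
        return delay

    def record_success(self, account):
        """A successful login clears the failure history."""
        self._state.pop(account, None)


def handle_login(throttle, account, check_password):
    """Return (HTTP status, Retry-After seconds) for one login attempt.

    check_password is a zero-argument callable (hypothetical) that is only
    invoked when the account is not locked.
    """
    wait = throttle.retry_after(account)
    if wait > 0:
        return 429, wait  # rejected without touching the password check
    if check_password():
        throttle.record_success(account)
        return 200, 0.0
    return 401, throttle.record_failure(account)
```

Because the lockout is keyed by account, failed attempts from any source also lock out the legitimate owner for the same period, which is why the delay is capped.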