Limit connections which result in too many 4xx & 5xx statuses

Inspired by: https://serverfault.com/questions/907860/nginx-limit-request-based-on-response-status-code
kiwitcms · Jan 18, 2024 · 7ddbf91 · 7ddbf91
1 parent 5276f84
commit 7ddbf91
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/etc/nginx.conf b/etc/nginx.conf
@@ -51,11 +51,13 @@ http {
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
 
+    # limit HTTP requests based on URL path
     map $request_uri $limit_key {
         default "";
         ~^/accounts/ $binary_remote_addr;
     }
     limit_req_zone $limit_key zone=ten-per-sec:10m rate=10r/s;
+    limit_req_zone $binary_remote_addr zone=one-per-sec:10m rate=1r/s;
     limit_req_status 429;
 
     upstream kiwitcms {
@@ -97,8 +99,15 @@ http {
         location / {
             include     /etc/nginx/uwsgi_params;
             uwsgi_pass  kiwitcms;
+            uwsgi_intercept_errors on;
+            # respond with the same original error status/response and redirect for rate limiting
+            error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 421 422 423 424 426 428 429 431 451 500 501 502 503 504 505 506 507 508 510 511 = @error_handler;
 
             limit_req zone=ten-per-sec burst=20 nodelay;
         }
+
+        location @error_handler {
+            limit_req zone=one-per-sec burst=2; nodelay;
+        }
     }
 }