I'm trying to limit my server (an API) to only allow 3 requests to be made per second (by IP, coming from Cloudflare), and after that the user receives an HTTP 429 code.
I don't want to allow anything in excess; that is, if the user makes a fourth request, I don't want to hold it until the first 3 are completed. I just want to reject it immediately.
Reading this, this and this, I think I created a configuration that would solve the problem. Is this type of configuration correct?
```nginx
http {
    limit_req_zone $http_cf_connecting_ip zone=ip_limit:10m rate=3r/s;
    limit_req_status 429;
    limit_conn_status 429;

    server {
        listen 80;
        server_name seu_example.com;

        location / {
            limit_req zone=ip_limit burst=3 nodelay;
            # ...
        }
    }
    # ...
}
```
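What the posted `rate=3r/s` and `burst=3 nodelay` settings do to a run of requests, as an added example that is not part of the original post: a simplified Python model of nginx's `limit_req` leaky-bucket accounting. The class and function names are hypothetical, the client address is a constructed sample, and the model assumes a single zone with `nodelay`.

```python
class LimitReqZone:
    """Simplified model of limit_req accounting; counters are in 1/1000 request."""

    def __init__(self, rate_per_sec, burst=0):
        self.rate = rate_per_sec * 1000   # nginx keeps the rate scaled by 1000
        self.burst = burst * 1000
        self.nodes = {}                   # key -> [excess, last_seen_ms]

    def request(self, key, now_ms):
        """Return the status a `nodelay` limit_req would give this request."""
        if not key:
            # Documented behaviour: requests with an empty key are not accounted.
            return 200
        node = self.nodes.get(key)
        if node is None:                  # first request seen for this key
            self.nodes[key] = [0, now_ms]
            return 200
        excess, last = node
        ms = max(now_ms - last, 0)
        # Drain the bucket for the elapsed time, then add this request.
        excess = max(excess - self.rate * ms // 1000 + 1000, 0)
        if excess > self.burst:
            return 429                    # rejected; stored state is unchanged
        node[0] = excess
        if ms:
            node[1] = now_ms
        return 200


def replay(zone, key, times_ms):
    """Feed requests arriving at the given millisecond timestamps."""
    return [zone.request(key, t) for t in times_ms]


def posted_config_same_instant():
    # Constructed input: six requests from one address in the same millisecond.
    return replay(LimitReqZone(3, burst=3), "203.0.113.7", [0] * 6)


def no_burst_spread():
    # Same rate without burst: 3r/s is enforced as one request per ~333 ms.
    return replay(LimitReqZone(3), "203.0.113.7", [0, 100, 334, 400])


if __name__ == "__main__":
    print(posted_config_same_instant())
    print(no_burst_spread())
```

In this model the posted settings admit four back-to-back requests (one plus the burst of three) before returning 429, while dropping `burst` rejects a second request arriving within about 333 ms of the first.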