NGINX - throttle requests to prevent abuse
The reason I want to do this is because users develop against our API with JavaScript, and some developers screw up and cause visitors to slam the server with AJAX requests. When this happens, I want to be able to throttle the API requests to perhaps 50 requests per minute, or something to that effect.
Note: particularly for DB-intensive resources, so perhaps at a path level rather than server-wide (e.g. throttle "/json_api/", but not "/static/").
Solution 1:
This can be done using the LimitReqModule with Nginx. However, if this is for a reverse proxy you might want to try out the new rate limiting supported by HAProxy.
I found the nginx rate limiting to be a little bit confusing to get the exact rate you want.
But you basically have something like:
limit_req_zone $binary_remote_addr zone=default:10m rate=50r/m;
in the http section, and then something like the following in the location section within the server section:
limit_req zone=default burst=10 nodelay;
In order not to have it for a certain section like /static, you would just make that a separate location and not include the limit_req directive in it (or the inverse).
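A complete configuration built along the lines of the answer above, added here as an illustration rather than taken from the original post. It throttles only the API path and leaves static files alone. The upstream name, hostname and filesystem paths are assumed. One point worth being explicit about, since the answer notes the rate is easy to get wrong: rate=50r/m does not mean "any 50 requests per minute"; nginx admits one request every 1.2 s on average and uses burst as the number of requests a client may send ahead of that schedule. With the answer's burst=10, a client that fires 11 AJAX requests at once has the 11th rejected even though it is well under 50 per minute, so burst is sized to the whole per-minute allowance here.

```nginx
# Added example, not the original answer's config. Upstream, host and paths are assumed.
http {
    # Key on the client IP. rate=50r/m means one request is admitted per 1.2 s on average;
    # the 10m zone holds on the order of 160k client states.
    limit_req_zone $binary_remote_addr zone=api:10m rate=50r/m;

    # Return 429 rather than the default 503 so a throttled client can tell the
    # difference from a backend outage (limit_req_status exists since nginx 1.3.15).
    limit_req_status 429;
    limit_req_log_level warn;

    upstream app_backend {            # assumed upstream name
        server 127.0.0.1:8080;
    }

    server {
        listen 80;
        server_name api.example.com;  # assumed hostname

        # Throttled path. burst=50 lets a client spend its whole per-minute
        # allowance at once; nodelay forwards those requests immediately instead
        # of queueing them at 1.2 s intervals. If a client sends 51 requests at
        # once, 50 are admitted and the 51st gets 429; after that one new slot
        # frees every 1.2 s.
        location /json_api/ {
            limit_req zone=api burst=50 nodelay;
            proxy_pass http://app_backend;
        }

        # Unthrottled path: no limit_req directive here, so static assets are
        # never counted against or blocked by the API bucket.
        location /static/ {
            root /var/www/app;        # assumed path
        }
    }
}
```

One caveat when nginx itself sits behind a load balancer or CDN: $binary_remote_addr is then the proxy's address, so every visitor shares one bucket and the first 50 requests from anyone exhaust it for all. In that deployment, set the real client address with the ngx_http_realip_module (set_real_ip_from for the trusted proxy ranges plus real_ip_header X-Forwarded-For) before the limit is evaluated, and never key on a client-supplied header directly, since a misbehaving or hostile client can forge it to escape the limit.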