Condition Limit Req

Contents 1 Conditioanl Limit Request Module 1.1 Synopsis 1.2 Enhancements 1.3 Configuration Example 1.3.1 Work with robot mitigation

Conditioanl Limit Request Module

Synopsis

This feature is based on tengine's limit_req module. The limit_req module improves orginal nginx's limit_req feature in IP whitelist, multi-varialbes supporting and forbid_action, etc. SEnginx adds a new condition parameter which accepts a variable and only run limiting when the variable's value is true. Users can use this feature together with HTTP Robot Mitigation and IP Access Behavior Module to get more strategies on request limitation.

This feature is availiable since version 1.5.10.

Enhancements

Introduces a new "condition" parameter:

limit_req_zone $binary_remote_addr $request_uri zone=cc:10m rate=1r/s;

server {
    location / {
        limit_req zone=cc burst=1 forbid_action=@process condition=$cond;    #if $cond is true, then perform limiting
    }

    location @process {
        return 403;
    }
}

Configuration Example

Work with robot mitigation

location ~ /bbs/.*\.php {
    limit_req zone=cc burst=5 forbid_action=@process;

    proxy_pass http://backend;
}

location @process {
    ns_layer_force_run;

    robot_mitigation on;
    robot_mitigation_blacklist 10;

    proxy_pass http://backend;
}

Run request limitation for sensitive resources, if the requests break the burst, run robot mitigation first.
Read more at: IP Access Behavior Module