cookie_limit_req_zone

The `cookie_limit_req_zone` directive defines a shared memory zone for tracking and restricting access rates based on cookie values.

Syntax: cookie_limit_req_zone key zone=name:size rate=rate [sync] redis=127.0.0.1 block_second=time cookie_max=number;
Default: none
Context: http
Arguments: 6

Description

The cookie_limit_req_zone directive is a crucial part of the ngx_cookie_limit_req_module, allowing administrators to manage the rate of requests made by clients based on their cookies. It sets up a shared memory zone where the limits and states of various keys are stored, specifically using cookie values as identifiers. This mechanism enables the server to track excessive requests from individual cookies and manage potential abuse by malicious clients.

The syntax for this directive includes a key parameter, referring to the value used for limiting (in this case, cookie values), along with a zone parameter to specify the name and size of the shared memory. Additionally, it accepts a rate limit expressed in requests per second, along with optional parameters for Redis storage, blocking duration for breaching the limit, and a maximum number of cookies considered legitimate. For instance, the directive allows you to specify that if more than a certain number of excessive requests are detected from a single cookie, subsequent requests will be delayed or rejected, providing a safeguard against cookies forged by malicious IPs.

Config Example

http {
    cookie_limit_req_zone $http_cookie zone=one:10m rate=10r/s redis=127.0.0.1 block_second=60 cookie_max=3;
}

Ensure the specified Redis server is reachable and correctly configured for the redis parameter.

Improper key configuration could lead to requests not being tracked correctly; verify that the key accurately reflects cookie values being used.

Be cautious about the size of the shared memory zone; if it's too small, it'll result in a lot of evictions, leading to throttling or dropped requests.
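A pre-deployment lint for the syntax and key pitfall described above, added here as an example and not part of ngx_cookie_limit_req_module. The function name, the cookie-variable check, the integer-only rule for block_second and cookie_max, and the constructed BAD line are assumptions of this example.

```python
import re

KNOWN = {"zone", "rate", "redis", "block_second", "cookie_max"}
REQUIRED = ("zone", "rate")  # the prose calls the remaining parameters optional

def lint_cookie_limit_req_zone(line):
    """Return a list of problems found in one cookie_limit_req_zone line."""
    tokens = line.strip().rstrip(";").split()
    if not tokens or tokens[0] != "cookie_limit_req_zone":
        return ["not a cookie_limit_req_zone directive"]
    if len(tokens) < 2 or "=" in tokens[1]:
        return ["missing key argument"]
    problems, params = [], {}
    key = tokens[1]
    # Assumption: a cookie-derived key is $http_cookie or a $cookie_<name> variable.
    if key != "$http_cookie" and not key.startswith("$cookie_"):
        problems.append(f"key {key} is not a cookie variable")
    for tok in tokens[2:]:
        if tok == "sync":
            continue
        name, _, value = tok.partition("=")
        if name not in KNOWN or not value:
            problems.append(f"unknown or malformed parameter {tok}")
        else:
            params[name] = value
    problems += [f"missing {name}=" for name in REQUIRED if name not in params]
    # zone=name:size, size as digits with an optional k/m suffix
    if "zone" in params and not re.fullmatch(r"\w+:\d+[kKmM]?", params["zone"]):
        problems.append("zone must be name:size")
    # The page documents the rate in requests per second.
    if "rate" in params and not re.fullmatch(r"[1-9]\d*r/s", params["rate"]):
        problems.append("rate must look like 10r/s")
    # Assumption: plain positive integers, as in the page's config example.
    for name in ("block_second", "cookie_max"):
        if name in params and not re.fullmatch(r"[1-9]\d*", params[name]):
            problems.append(f"{name} must be a positive integer")
    return problems

# The page's own example line, then a constructed line with typical mistakes.
GOOD = ("cookie_limit_req_zone $http_cookie zone=one:10m rate=10r/s "
        "redis=127.0.0.1 block_second=60 cookie_max=3;")
BAD = "cookie_limit_req_zone $binary_remote_addr zone=one rate=10 block_second=60s;"

if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(sample, "->", lint_cookie_limit_req_zone(sample) or "ok")
```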
