limit_req
The 'limit_req' directive controls the rate of requests processed by NGINX to protect against excessive load.
Description
The 'limit_req' directive is used in NGINX to limit the number of requests that a client can make to the server in a specified time period. This directive is part of the HTTP Core Module and can be applied in various contexts including http, server, and location blocks. The primary purpose of this directive is to control traffic and prevent abuse from clients that send too many requests, which could affect the performance and stability of the server.
The 'limit_req' directive accepts one to three parameters:
1. **zone** (mandatory): The shared memory zone where the request rate limit configuration is stored.
2. **burst** (optional): This allows a certain number of excess requests to be processed immediately (without being delayed) when the limit is momentarily exceeded. The burst value permits traffic spikes.
3. **nodelay** (optional): If specified, excess requests will be processed immediately if they do not exceed the burst limit; otherwise, they are delayed according to the rate limit.
Users need to define a shared memory zone with the 'limit_req_zone' directive before using 'limit_req'. The rate limiting is based on the defined parameters in these zones, which determine how many requests can originate from a specific key (like an IP address) over a specified period.
Config Example
limit_req_zone $binary_remote_addr zone=mylimit:10m rate=1r/s;
server {
location /api {
limit_req zone=mylimit burst=5 nodelay;
}
}Ensure that the shared memory zone is properly defined with 'limit_req_zone' before using 'limit_req'.
Be cautious with the burst value to not allow too many requests that could lead to server overload.
Using 'nodelay' can cause high spikes in traffic if not configured correctly.