limit_req_dry_run
The limit_req_dry_run directive allows you to test rate limiting without actually enforcing it.
Description
The limit_req_dry_run directive is specifically designed to facilitate the development and testing of rate limiting configurations within NGINX. When enabled, it essentially simulates the effect of rate limiting by processing requests without enforcing any actual limits. This is particularly useful in scenarios where administrators want to monitor how many requests would have been processed and potentially rejected due to exceeding rate limits, without impacting live traffic.
This directive takes a binary argument—either on or off. When set to on, NGINX performs the rate limiting checks as defined by other directives, such as limit_req_zone, but does not reject requests based on those limits. Instead, the logs will indicate if requests were exceeded. This allows for fine-tuning of rate limiting parameters and ensuring everything works as anticipated prior to full deployment. The directive is context-sensitive and can be configured within the http, server, or location blocks in NGINX configurations.
By using limit_req_dry_run, administrators can gather data on request behaviors and patterns, which assists in effectively determining the appropriate rate limits to apply once the directive is turned off. However, it’s crucial to keep in mind that with dry run enabled, the actual intended rate limiting will not take effect, which could result in untracked traffic surges if the limits are set too high once enforcement begins.
Config Example
http {
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
server {
location / {
limit_req zone=one;
limit_req_dry_run on;
}
}
}Using limit_req_dry_run in a production environment without careful consideration can lead to unexpectedly high traffic allowing through untracked.
Make sure to turn off the dry run mode before final deployment to enforce rate limits and avoid traffic overload.