limit_req_zone
The 'limit_req_zone' directive sets a shared memory zone for limiting the request rate per defined key.
Description
The 'limit_req_zone' directive is used within the http context of the NGINX configuration to define a shared memory zone that is associated with a request rate limiting mechanism. It takes three parameters: a key that defines the context in which requests will be tracked (such as the client IP address or a variable), the zone name where the request counters are stored, and the maximum size of that shared memory zone.
When properly configured, NGINX groups incoming requests based on the key defined and counts these requests over time. For example, if the key is the client's IP address, NGINX will track how many requests come from each individual IP. This allows administrators to prevent abuse and limit excessive usage of specific resources. The request limiting feature functions by utilizing two primary options, burst and nodelay, which can be specified in conjunction with the 'limit_req' directive to control how excess requests are handled.
The chosen parameters must reflect the needs of your deployment, as different applications might require higher or lower rate limits and could be affected by simultaneous request bursts from users. Therefore, proper tuning of these parameters is critical to avoid inadvertently restricting legitimate users while effectively mitigating abuse.
Config Example
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
When defining the zone, ensure the key is correctly specified to avoid unexpected limiting behavior.
Avoid using overly restrictive rate limits that could block legitimate traffic, especially in high-traffic environments.
Make sure the zone name is unique within the configuration to prevent conflicts.