Why don't two limit_reqs work in different locations?

R

ronny2021-10-08 16:04:16

Nginx

ronny, 2021-10-08 16:04:16

The problem is the following. I have nginx config

http {

  limit_req_zone $binary_remote_addr zone=api_limit1:5m rate=1r/m;
  limit_req_zone $binary_remote_addr zone=api_limit2:5m rate=1r/m;

  server {

    location = /api/user/ {
        limit_req zone=api_limit2 nodelay;
        # break;

        add_header Set-Cookie "user=$user;Path=/;Max-Age=11111";

        return 200;
    }

    location ~ ^/api/ {
      limit_req zone=api_limit1 nodelay;
      proxy_pass http://api_server;
    }

On `location ~ ^/api/` the limits are worked out correctly: there is a limit error on the author of the request.

But on `location = /api/user/` - it doesn't work at all: it gives 200 with setting cookies always. If you uncomment `# break;`, then on the first request it gives 404, and on the second - as it should, a limit error.

What am I doing wrong?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

K

ky0, 2021-10-08
@ky0

Because it return 200always works, at least deny allwrite in this location. Give something more reasonable.