Join the community today
Become a Member

Xenforo How do you apply specific limit_req for proxy.php request?

Discussion in 'Forum software usage' started by rdan, Aug 29, 2020.

  1. rdan

    rdan Well-Known Member

    4,983
    1,185
    113
    May 25, 2014
    Ratings:
    +1,804
    Local Time:
    8:04 PM
    Mainline
    10.2
    I tried several approach but all failed, limit_req specified isn't applied.

    Code:
    location ~* /(proxy\.php) {
            limit_req zone=reqperiplimit burst=30 nodelay;
            try_files $uri /index.php?$uri&$args;
            ...
    }
    
    Code:
    location /proxy.php {
            limit_req zone=reqperiplimit burst=30 nodelay;
            try_files $uri /index.php?$uri&$args;
            ...
    }
    
    Code:
    location ~ ^/(proxy.php {
            limit_req zone=reqperiplimit burst=30 nodelay;
            try_files $uri /index.php?$uri&$args;
            ...
    }
    
    Code:
    location ^~ /proxy.php {
            limit_req zone=reqperiplimit burst=30 nodelay;
            try_files $uri /index.php?$uri&$args;
            ...
    }
    

     
    Last edited: Aug 29, 2020
  2. eva2000

    eva2000 Administrator Staff Member

    45,201
    10,280
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,934
    Local Time:
    10:04 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    You need to do rate limiting within the php location that serves the proxy.php php file i.e.

    Create one specific for the proxy.php location based on default php.conf include file at /usr/local/nginx/conf/xfproxy_php.conf and include that in your proxy.php location context match
    Code (Text):
    cp -a /usr/local/nginx/conf/php.conf /usr/local/nginx/conf/xfproxy_php.conf

    Code (Text):
    location ~ ^/proxy.php {
      add_header proxy "1";
      include /usr/local/nginx/conf/xfproxy_php.conf;
      try_files $uri /index.php?$uri&$args;
    }
    

    Then rate limit request goes in /usr/local/nginx/conf/xfproxy_php.conf i.e. first 4 lines would be like
    Code (Text):
    location ~ [^/]\.php(/|$) {
      add_header Proxy-RR "1";
      limit_req zone=xwplogin burst=1 nodelay;
      include /usr/local/nginx/conf/503include-only.conf;
    

    header added to verify that proxy.php file is served via the /usr/local/nginx/conf/xfproxy_php.conf include file and not global default /usr/local/nginx/conf/php.conf
    Code (Text):
    curl -I http://localhost/proxy.php     
    HTTP/1.1 200 OK
    Date: Fri, 28 Aug 2020 22:10:33 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    Vary: Accept-Encoding
    Server: nginx centminmod
    X-Powered-By: centminmod
    Proxy-RR: 1
    

    of course you can add rate limiting to global /usr/local/nginx/conf/php.conf include file to so every php file request for all sites on Centmin Mod server are rate limited the same too.
     
  3. rdan

    rdan Well-Known Member

    4,983
    1,185
    113
    May 25, 2014
    Ratings:
    +1,804
    Local Time:
    8:04 PM
    Mainline
    10.2
    Yes that's my last resort, as I already have limit_req on php.conf, I'll just create a new one specific for proxy request.
    Thanks Eva :)