Welcome to Centmin Mod Community
Register Now

Nginx Limiting requests issue

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by Oxide, Jan 7, 2016.

  1. Oxide

    Oxide Active Member

    504
    29
    28
    Mar 19, 2015
    Ratings:
    +54
    Local Time:
    9:40 PM
    I am limiting requests to max 15 requests per second on my forum, however when editing a topic it somehow returned 503 and logged that I did more than 15 requests a second.

    I have no idea why, since I am only limiting requests on PHP Documents?

    Anyone have any idea why this happens? I counted, and there is only 5 documents (PHP) requests made, else are css etc.

    Limiting requests, obviously helps against DDoS.. But so far, I've had nothing but issues with it due Ajax requests.

    False-bans etc, such as in this case.. What I did was adding:


    Code:
    map $request_uri $search_ratelimit {
            default           $binary_remote_addr;
            "~/ajax/"       "";
            "~/files/"       "";
            "~/applications/core/interface/imageproxy/"       "";
    }
    
    limit_req_zone  $search_ratelimit  zone=one:10m   rate=15r/s;
    to nginx.conf

    Code:
    & limit_req   zone=one  burst=1 nodelay;
    to php.conf

    Now, even if I make rate to 5 r/s, it's not giving more errors than one 503 on that page.. or if i make it 30, it will still be one of those that will give 503.. makes no sense. Unless I am miss understanding how it works.








    [​IMG]
     
  2. Oxide

    Oxide Active Member

    504
    29
    28
    Mar 19, 2015
    Ratings:
    +54
    Local Time:
    9:40 PM
    As you can see, it's far from 15 or even 30 requests a second to PHP Documents.. It's only 4-5 php files, so that's impossible.

    This is a example of what I am trying to do: Rate Limiting With nginx

    PS. My burst is set to 1, could this be the reason? I don't really understand what burst is-
     
  3. eva2000

    eva2000 Administrator Staff Member

    30,180
    6,786
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,139
    Local Time:
    9:40 PM
    Nginx 1.13.x
    MariaDB 5.5
    should be without & in front right :)

    do you have other limit_req lines throughout your domain's nginx vhost besides in php.conf ? if you have more than one, it could be other rate limits being triggered ? have you confirmed it that it's that specific limit_req triggering the 503 ? tried raising the request limit from 15/s to confirm and/or raising burst limit for php.conf limit_req ?
     
  4. Oxide

    Oxide Active Member

    504
    29
    28
    Mar 19, 2015
    Ratings:
    +54
    Local Time:
    9:40 PM
    thanks for the reply

    i lifted burst to 5, and changed r/s down to 10.. so far it seems to be working fine, no false alerts.. also if i hold down f5 it gets blocked, which is what i want..

    the & wasnt there, i just forgot to remove it when putting into code tag.
     
  5. eva2000

    eva2000 Administrator Staff Member

    30,180
    6,786
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,139
    Local Time:
    9:40 PM
    Nginx 1.13.x
    MariaDB 5.5
    ok so raising burst helped i see
    Module ngx_http_limit_req_module ;) :)

    not sure how you're working with 10 r/s + 5 burst which means 503 gets triggered after 10 + 5 = 15th request per second versus at 15 r/s + 1 burst which means 503 gets triggered after 15 + 1 = 16th request per second maybe just a fine line, you can maybe try 16 r/s and 1 or 2 burst and see
     
  6. Oxide

    Oxide Active Member

    504
    29
    28
    Mar 19, 2015
    Ratings:
    +54
    Local Time:
    9:40 PM
    1-2 burst would give me error even when its far from 15r/S , 5 burst seems to work..
     
    • Informative Informative x 1
  7. eva2000

    eva2000 Administrator Staff Member

    30,180
    6,786
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,139
    Local Time:
    9:40 PM
    Nginx 1.13.x
    MariaDB 5.5
    i see then 5 burst it is :)
     
  8. Xon

    Xon Active Member

    130
    57
    28
    Nov 16, 2015
    Ratings:
    +171
    Local Time:
    7:40 PM
    1.11.x
    MariaDB 10.1.x
    Check your error log as it will log requests which trigger the limiter.

    I use separate location blocks to add limiters for different zones, as for example I rate limit requests to the signup URLs much more heavily than general php requests and then I have different limits depending on the URI before re-writing.
     
    • Informative Informative x 1
  9. Oxide

    Oxide Active Member

    504
    29
    28
    Mar 19, 2015
    Ratings:
    +54
    Local Time:
    9:40 PM
    2016/01/06 18:58:50 [error] 1712#1712: *9918833 limiting requests, excess: 2.000 by zone "one",

    thats what i got, not sure what 2.000 means, however thats what happens when i had burst at 1 and requests / second to 15.