Get the most out of your Centmin Mod LEMP stack
Become a Member

Nginx Other nginx rules doesn't apply when return is used?

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by rdan, Jan 10, 2022.

  1. rdan

    rdan Well-Known Member

    5,446
    1,408
    113
    May 25, 2014
    Ratings:
    +2,201
    Local Time:
    5:17 AM
    Mainline
    10.2
    Code:
    server {
        listen 80;
        server_name inter.com www.inter.com;
    
        limit_req zone=reqiplimit burst=5 nodelay;
        if ($request_method = HEAD) { return 444; }
    
        return 301 https://inter.com$request_uri;
    }
    
    Even if return 301 is used on the bottom, still reqiplimit doesn't apply.
    Is this nginx default feature?

     
  2. eva2000

    eva2000 Administrator Staff Member

    54,647
    12,230
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,799
    Local Time:
    7:17 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    return 444 means do not even bother returning a response and just close the connection so there's nothing to do after nginx serves a 444 for a matching request

    and #1834 (Rate limiting does not work after 3xx redirect) – nginx it's expected behaviour for Nginx

    If you use Cloudflare, just move the non-https to https redirect process from Centmin Mod Nginx vhost to Cloudflare page rule or always redirect to HTTPS feature. Then you can either do rate limiting via Cloudflare rate limiting feature (billable usage) and/or use Cloudflare Workers to cache the redirect - I can cache 301/302 redirects at Cloudflare level for my Wordpress blog as I rewrite search ?s=keyword query strings to pretty cacheable static /search/keyword URLs. Then just let Cloudflare CDN cache handle the redirect load/traffic :)

    Code (Text):
    curl -sIL https://blog.centminmod.com/?s=nginx 2>&1 | egrep -v 'cf-cachetime|cf-index|cf-push|cf-req|origin-trial|report-to|nel|link|cookie|-policy|expect|power'
    HTTP/2 302
    date: Mon, 10 Jan 2022 07:18:05 GMT
    content-type: text/html; charset=UTF-8
    location: https://blog.centminmod.com/search/nginx/
    cf-ray: 6cb4211c38b2523f-LAX
    cache-control: public, max-age=86400, s-maxage=86400, stale-while-revalidate=60
    expires: Tue, 11 Jan 2022 07:18:05 GMT
    strict-transport-security: max-age=31536000; includeSubdomains;
    vary: Accept-Encoding
    cf-cache-status: HIT
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-redirect-by: WordPress
    x-ua-compatible: IE=edge
    x-xss-protection: 1; mode=block
    server: cloudflare
    
    HTTP/2 200
    date: Mon, 10 Jan 2022 07:18:05 GMT
    content-type: text/html; charset=UTF-8
    cf-ray: 6cb4211d2a2b523f-LAX
    cache-control: public, max-age=120
    expires: Mon, 10 Jan 2022 07:20:05 GMT
    last-modified: Mon, 10 Jan 2022 07:18:02 GMT
    strict-transport-security: max-age=31536000; includeSubdomains;
    vary: Accept-Encoding
    cf-cache-status: HIT
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-ua-compatible: IE=edge
    x-xss-protection: 1; mode=block
    server: cloudflare
    
     
  3. rdan

    rdan Well-Known Member

    5,446
    1,408
    113
    May 25, 2014
    Ratings:
    +2,201
    Local Time:
    5:17 AM
    Mainline
    10.2
    That is just for HEAD HTTP method.
    Get and Post are still allowed.

    Ops... Thank you.