我已经设置nginx req_limit_zone来限制请求到我的networking服务器。 此外,我增加了地理位置白名单某些IP的请求限制不会影响这些IP。
问题是,一旦我用aptesting它,那么它将这个请求限制应用于被列入白名单的IP地址,而其他一切都不受限制。
限速configuration:
geo $limited { default 1; 10.2.3.0/24 0; } map $limited $limit { 1 $binary_remote_addr; 0 ""; } limit_req_zone $limit zone=r_local:10m rate=50r/s;
Vhostconfiguration:
server { listen xxxx:80; server_name www.local.dev dev.local.lan ; access_log syslog:info syslog; error_log syslog:err; if ($host ~* ^local\.dev$) { rewrite ^/(.*)$ http://www.local.dev/$1; } if ($host ~* ^www\.local\.live$) { rewrite ^/(.*)$ /norlimit/$1 break; } if ($http_user_agent ~ (Googlebot|msnbot)) { rewrite ^/(.*)$ /norlimit/$1 break; } more_clear_headers 'Server'; more_clear_headers 'Pragma'; location /norlimit/ { rewrite ^/norlimit/(.*)$ /$1 break; include proxy_headers.conf; proxy_set_header X-Secure False; proxy_pass http://local_dev_www/; proxy_next_upstream error timeout invalid_header http_500 http_503; internal; } location / { limit_req zone=r_www.local.dev burst=60 nodelay; include proxy_headers.conf; proxy_set_header X-Secure False; proxy_pass http://local_dev_www/; proxy_next_upstream error timeout invalid_header http_500 http_503; } location /api/ { include proxy_headers.conf; proxy_set_header X-Secure False; proxy_pass http://local_dev_www/; proxy_next_upstream error timeout invalid_header http_500 http_503; } location /inc/ { include proxy_headers.conf; proxy_pass http://local_dev_www/inc/; proxy_next_upstream error timeout invalid_header http_500 http_503; } location /i/ { include proxy_headers.conf; proxy_pass http://local_dev_www/i/; proxy_next_upstream error timeout invalid_header http_500 http_503; } location /i/xml/ { return 403; } location /i/banners/ { return 403; } location /id/ { return 403; } }
我想从白名单IP中删除请求限制,并限制任何其他的请求,但目前它的工作方式相反。 它限制了白名单IP的请求,其他IP不受限制。