Hello! On Fri, Oct 01, 2021 at 10:47:01AM +0200, Markus Grobelin wrote:
> Hy everybody, > > I have a reverse-proxy setup with an upstream application that > sets a header (x_tenant_id). > > Based on that headers value, I want to apply a rate limit to > clients. > > I verified the rate limit applies* properly, when a usual > request header (e.g. $http_x_tenant_id) is mapped. However the > config below does not map $upstream_http_x_tenant_id** at all. > > Any advice how to achieve rate limiting using such > $upstream_http_ headers? Request rate limiting, as configured with the limit_req rate directive (not to be confused with response transmission rate limiting, limit_rate), happens before processing a request, that is, before the request is sent to the upstream server and a response is received. As such, you cannot rely on variables only available when a response is received from the upstream server, such as $upstream_http_* variables. If you want to reject requests based on the information only available on the upstream server, the best solution might be to actually reject requests on the upstream server. If you have to do it on nginx for some reason, it should be possible to configure things using X-Accel-Redirect redirections, though this going to be a complex configuration, and it will do two upstream request instead of just one. A better approach might be to re-think your limiting configuration to use something directly available from the request. -- Maxim Dounin http://mdounin.ru/ _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
