> On 6 May 2022, at 03:54, Alan Jackson <alan.jack...@netvalue.nz> wrote:
> 
> Hi,
> 
> I'm trying to use rate limiting on an nginx mail proxy->nginx fastcgi backend 
> to restrict the number of concurrent connections from a client's IP. 
> Unfortunately, I can't use proxy_protocol on the mail proxy side due to the 
> nginx version not supporting it. 
> 
> Using debug logging, I know that the nginx mail proxy is passing through an 
> http header 'Client-IP' which contains the originating client IP.
> 
> I've confirmed that in the http backend, the variable $http_client_ip 
> contains the originating request's client ip ($binary_remote_addr just 
> contains 127.0.0.1 due to the proxy), and that setting a return http header 
> using this variable works just fine.
> 
> However, when I try to use limit_conn_zone with the $http_client_ip variable, 
> it is not behaving as I expect:
> 
> "limit_conn_zone $http_client_ip zone=perip:10m;" 
> 
> Results in log lines like:
> 
> "limiting connections, dry run, by zone "perip", client: 127.0.0.1, server: 
> _, request: "GET /mail_auth.php HTTP/1.0" 
> 
> which doesn't look like the variable is being instantiated properly (client 
> is still 127.0.0.1).
> 

The "client: 127.0.0.1" part in the above log represents the client address
you previously claimed to contain "127.0.0.1", which is fine.
The limit_conn_zone key evaluated content is logged at the debug level.

> Is using an $http_ variable expected to work in a limit_conn_zone config like 
> this?
> 

Yes, it is.

_______________________________________________
nginx mailing list -- nginx@nginx.org
To unsubscribe send an email to nginx-le...@nginx.org
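
A backend configuration for the setup discussed in this thread, as an added example that is not from either poster or from the nginx project. It keys `limit_conn_zone` on `$http_client_ip` and writes the key value and `$limit_conn_status` to an access log, so the key can be checked without reading the debug log. The listen address, limit value, log paths and PHP-FPM socket are assumptions.

```nginx
# Added example; values marked "assumed" do not come from the thread.

# The evaluated limit_conn_zone key appears only at debug level,
# which needs an nginx binary built with --with-debug.
error_log /var/log/nginx/error.log debug;            # path assumed

events {}

http {
    # Key: the Client-IP header sent by the mail proxy's auth request.
    # Requests with an empty key (header absent) are not accounted.
    limit_conn_zone $http_client_ip zone=perip:10m;

    # Log the key next to the limiter's decision
    # (PASSED, REJECTED or REJECTED_DRY_RUN).
    log_format limitkey '$remote_addr key="$http_client_ip" '
                        'limit_conn=$limit_conn_status "$request"';

    server {
        # Loopback only: the header is a usable key only while nothing
        # except the local mail proxy can reach this server.
        listen 127.0.0.1:8080;                       # port assumed

        access_log /var/log/nginx/mail_auth.log limitkey;   # path assumed

        location = /mail_auth.php {
            limit_conn perip 5;                      # limit assumed
            limit_conn_dry_run on;                   # count and log, do not reject
            limit_conn_log_level notice;

            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_pass unix:/run/php-fpm.sock;     # socket assumed
        }
    }
}
```

In the error log the `client:` field stays `127.0.0.1` because it is the connection peer; the access log line shows the header value actually used as the key.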
