Re: Limiting number of client TLS connections

2024-03-30 Thread Zero King
Hello, With the new pass directive committed, I should be able to implement it with less overhead as you have suggested. https://hg.nginx.org/nginx/rev/913518341c20 I'm still trying to push our platform team to implement a firewall, but this gives me an interim solution. Thanks a lot! P.S.

Re: Limiting number of client TLS connections

2023-12-08 Thread J Carter
Hello again, By coincidence, and since my previous email, someone has kindly submitted a fixed window rate limiting example to the NJS examples GitHub repo. https://github.com/nginx/njs-examples/pull/31/files/ba33771cefefdc019ba76bd1f176e25e18adbc67 https://github.com/nginx/njs-examples/tree/

Re: Limiting number of client TLS connections

2023-11-25 Thread J Carter
No problem at all :) One other suggestion if you do go down the double proxy + njs route. Keep an eye on the nginx-devel mailing list (or nginx release notes) for this patch series https://mailman.nginx.org/pipermail/nginx-devel/2023-November/QUTQYBNAHLMQMGTKQK57IXDXD23VVIQO.html The last patch

Re: Limiting number of client TLS connections

2023-11-25 Thread Zero King
Hi Jordan, Thanks for your suggestion. I will give it a try and also try to push our K8s team to implement a firewall if possible. On 20/11/23 10:33, J Carter wrote: Hello, A self-contained solution would be to double proxy, first through nginx stream server and then locally back to nginx h

Re: Limiting number of client TLS connections

2023-11-21 Thread Maxim Dounin
Hello! On Mon, Nov 20, 2023 at 11:29:39PM +0800, Zero King wrote: > In our case, layer-4 firewall is difficult to introduce in the request > path. Would you consider rate limiting in Nginx a valid feature request? Firewall is expected to be much more effective solution compared to nginx (which

Re: Limiting number of client TLS connections

2023-11-20 Thread Zero King
Hi Maxim, Thanks for your reply! In our case, layer-4 firewall is difficult to introduce in the request path. Would you consider rate limiting in Nginx a valid feature request? On 19/11/23 08:11, Maxim Dounin wrote: Hello! On Sat, Nov 18, 2023 at 02:44:20PM +0800, Zero King wrote: I want

Re: Limiting number of client TLS connections

2023-11-19 Thread J Carter
Hello, A self-contained solution would be to double proxy, first through nginx stream server and then locally back to nginx http server (with proxy_pass via unix socket, or to localhost on a different port). You can implement your own custom rate limiting logic in the stream server with NJS (j

RE: Limiting number of client TLS connections

2023-11-19 Thread Reinis Rozitis
> sudden surge of requests, existing connections can get enough share of CPU > to be served properly, while excessive connections are rejected While you can't limit the connections (before the TLS handshake) there is a module to limit the requests per client/ip https://nginx.org/en/docs/http/n

Re: Limiting number of client TLS connections

2023-11-18 Thread Maxim Dounin
Hello! On Sat, Nov 18, 2023 at 02:44:20PM +0800, Zero King wrote: > I want Nginx to limit the rate of new TLS connections and the total (or > per-worker) number of all client-facing connections, so that under a > sudden surge of requests, existing connections can get enough share of > CPU to b