One of the problems my team runs into repeatedly is that some users and bots put an excessive load on the servers.
The directives that count here:
We first use limit_req_zone to set up at least one rate limit zone, which will then be enabled by placing them inside specific nginx
We start by setting up our first zone named ‘default’, give it 50 megabytes of memory to track our sessions, and set a rate at 1 request per second.
We then implement it in the ‘/’ location, and give it a ‘burst’ of 10.
Every time a bot exceeds the rate of 1 request per second, it has to pay a token. Once it has spent all of its tokens, it is given an HTTP 503 error message.
503 means the server is currently unavailable (because it is overloaded or down for maintenance). Generally, this is a temporary state.
When you encounter an excessive bot, you will see the following in your log:
2016/09/01 10:06:29 [error] 109154#109154: *42450 limiting requests, excess: 10.195 by zone "req_limit_per_ip", client: ip.of.attacher, server: default, request: "GET
"*42450" is the connection number, also available as $connection.
"109154#109154" is the nginx worker PID (also available as $pid) and thread identifier.
"excess: 10.195" is the number of requests accumulated in the bucket. If this number is more than the burst defined (10 in our case), further requests will be rejected.
The number of requests in the bucket is reduced according to the rate defined and the current time, and may not be an integer. The ".195" means that an additional request will be allowed in about 195 milliseconds, assuming a rate of 1r/s.
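A small model of the accounting behind the "excess" value, added here as an illustration (it is not code from the original post or from nginx itself). It assumes the rate of 1r/s and burst of 10 described above; the class and function names are made up for the example, and it models only the pass/reject decision, not any delay applied to requests that pass.

```python
# Added model of limit_req accounting; assumes rate=1r/s and burst=10 as in the text.
# Values are held in thousandths of a request, matching the log's three decimals.

class LimitReqBucket:
    def __init__(self, rate_per_sec=1, burst=10):
        self.rate = rate_per_sec * 1000   # milli-requests drained per second
        self.burst = burst * 1000         # milli-requests tolerated above the rate
        self.excess = 0                   # current bucket level
        self.last_ms = None               # arrival time of the last counted request

    def request(self, now_ms):
        """Return (allowed, excess) with excess formatted as in the error log."""
        if self.last_ms is None:          # first request seen for this key
            self.last_ms = now_ms
            return True, "0.000"
        elapsed = max(now_ms - self.last_ms, 0)
        excess = max(self.excess - self.rate * elapsed // 1000 + 1000, 0)
        shown = f"{excess // 1000}.{excess % 1000:03d}"
        if excess > self.burst:           # rejected; stored state is not updated
            return False, shown
        self.excess = excess
        if elapsed:
            self.last_ms = now_ms
        return True, shown

def simulate(times_ms, **cfg):
    """Feed constructed arrival times (ms) from one client through a bucket."""
    bucket = LimitReqBucket(**cfg)
    return [(t, *bucket.request(t)) for t in times_ms]

def wait_ms(logged_excess, rate_per_sec=1, burst=10):
    """Milliseconds until a request rejected with this excess would pass."""
    whole, frac = logged_excess.split(".")
    over = int(whole) * 1000 + int(frac) - burst * 1000
    return max(-(-over // rate_per_sec), 0)   # ceiling division

if __name__ == "__main__":
    # Constructed input: one client sending a request every 100 ms for 2 seconds.
    for t, allowed, excess in simulate(range(0, 2001, 100)):
        print(f"t={t:>4}ms excess={excess:>6} {'pass' if allowed else '503'}")
```

With the constructed 100 ms spacing, the first rejection carries an excess of 10.800, and the client is let through again 800 ms later, when the value has drained back to exactly the burst.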
You can get more information at the following location(s):