Skip to content

Commit

Permalink
Add rate limiting
Browse files Browse the repository at this point in the history
  • Loading branch information
Darren Govoni committed Oct 22, 2021
1 parent f5ce03b commit b2e4fea
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions conf/nginx.conf
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,9 @@ http {
#include /etc/nginx/fastcgi.conf;
index index.html index.htm index.php;

limit_req_zone $binary_remote_addr zone=one:10m rate=40r/m;
limit_conn_zone $binary_remote_addr zone=addr:10m;

default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] $status '
Expand All @@ -37,6 +40,8 @@ http {
access_log logs/balsam.access.log main;

location / {

limit_req zone=one burst=15;
proxy_pass http://balsam;

include uwsgi_params;
Expand Down

1 comment on commit b2e4fea

@masalim2
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With HPC clients, we could end up with scenarios where:

  • one user can run from a bunch of IP addresses and get around the IP address-based limiting
  • A NAT gateway might route many different users' requests all through the same remote IP address, causing all users behind Theta to share a single rate limiting bucket

Would it be possible to instead rate limit on the value of the Authorization header in the HTTP request?

Please sign in to comment.