Implement rate limit in nginx configuration (#413)

qgis · Jun 17, 2024 · ad7aed0 · ad7aed0
1 parent 75a5de1
commit ad7aed0
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 0 deletions.
diff --git a/dockerize/sites-enabled/prod-ssl.conf b/dockerize/sites-enabled/prod-ssl.conf
@@ -4,6 +4,9 @@ upstream uwsgi {
     server uwsgi:8080;
 }
 
+# Define the rate limit zone: 10 requests per second for each IP address
+limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;
+
 server {
     # OTF gzip compression
     gzip on;
@@ -66,6 +69,11 @@ server {
     }
     # Finally, send all non-media requests to the Django server.
     location / {
+
+        # Apply rate limit
+        limit_req zone=one burst=20 nodelay;
+        limit_req_status 429;
+
         uwsgi_pass  uwsgi;
         # the uwsgi_params file you installed needs to be passed with each
         # request.
@@ -184,6 +192,11 @@ server {
     }
     # Finally, send all non-media requests to the Django server.
     location / {
+
+        # Apply rate limit
+        limit_req zone=one burst=20 nodelay;
+        limit_req_status 429;
+
         uwsgi_pass  uwsgi;
         # the uwsgi_params file you installed needs to be passed with each
         # request.

diff --git a/dockerize/sites-enabled/prod.conf b/dockerize/sites-enabled/prod.conf
@@ -4,6 +4,9 @@ upstream uwsgi {
     server uwsgi:8080;
 }
 
+# Define the rate limit zone: 10 requests per second for each IP address
+limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;
+
 server {
     # OTF gzip compression
     gzip on;
@@ -63,6 +66,11 @@ server {
     }
     # Finally, send all non-media requests to the Django server.
     location / {
+
+        # Apply rate limit
+        limit_req zone=one burst=20 nodelay;
+        limit_req_status 429;
+
         uwsgi_pass  uwsgi;
         # the uwsgi_params file you installed needs to be passed with each
         # request.