From ad7aed07b5cc5570379d55ed1e499f7362a80d6c Mon Sep 17 00:00:00 2001
From: Lova Andriarimalala <43842786+Xpirix@users.noreply.github.com>
Date: Mon, 17 Jun 2024 10:21:41 +0300
Subject: [PATCH] Implement rate limit in nginx configuration (#413)
---
 dockerize/sites-enabled/prod-ssl.conf | 13 +++++++++++++
 dockerize/sites-enabled/prod.conf | 8 ++++++++
 2 files changed, 21 insertions(+)
diff --git a/dockerize/sites-enabled/prod-ssl.conf b/dockerize/sites-enabled/prod-ssl.conf
index 589715f1..94ca5328 100644
--- a/dockerize/sites-enabled/prod-ssl.conf
+++ b/dockerize/sites-enabled/prod-ssl.conf
@@ -4,6 +4,9 @@ upstream uwsgi {
 server uwsgi:8080;
 }
+# Define the rate limit zone: 10 requests per second for each IP address
+limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;
+
 server {
 # OTF gzip compression
 gzip on;
@@ -66,6 +69,11 @@ server {
 }
 # Finally, send all non-media requests to the Django server.
 location / {
+
+ # Apply rate limit
+ limit_req zone=one burst=20 nodelay;
+ limit_req_status 429;
+
 uwsgi_pass uwsgi;
 # the uwsgi_params file you installed needs to be passed with each
 # request.
@@ -184,6 +192,11 @@ server {
 }
 # Finally, send all non-media requests to the Django server.
 location / {
+
+ # Apply rate limit
+ limit_req zone=one burst=20 nodelay;
+ limit_req_status 429;
+
 uwsgi_pass uwsgi;
 # the uwsgi_params file you installed needs to be passed with each
 # request.
diff --git a/dockerize/sites-enabled/prod.conf b/dockerize/sites-enabled/prod.conf
index 086d6903..1aa73956 100644
--- a/dockerize/sites-enabled/prod.conf
+++ b/dockerize/sites-enabled/prod.conf
@@ -4,6 +4,9 @@ upstream uwsgi {
 server uwsgi:8080;
 }
+# Define the rate limit zone: 10 requests per second for each IP address
+limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;
+
 server {
 # OTF gzip compression
 gzip on;
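Review bot: The `limit_req_zone` line added at the top of prod-ssl.conf keys the zone on `$binary_remote_addr`, which is the end client's address only if nothing sits in front of this nginx container; if a load balancer or another proxy accepts the connections first (not visible in this diff), every visitor shares one 10r/s bucket and ordinary traffic starts receiving 429s. In that setup the real-IP module has to be configured for the trusted proxy range first, e.g. `set_real_ip_from <trusted-proxy-cidr>;` with `real_ip_header X-Forwarded-For;`, and only for addresses you control, since the header is client-supplied otherwise. The same zone name `one` is declared again in the first hunk of prod.conf; if both files are ever included into the same `http` context nginx will reject the duplicate declaration at startup, so a descriptive name defined in one shared place would be safer.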
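Review bot: In the first `location /` hunk of prod-ssl.conf (and identically in the second server block's `location /` and in the prod.conf hunk), a single 10r/s limit with `burst=20 nodelay` is applied to every Django route, so login or other expensive endpoints get the same allowance as ordinary page views while users behind a shared NAT are throttled as a group. Consider rolling it out first with `limit_req_dry_run on;` and checking the error log for would-be rejections before enforcing, then adding a tighter zone for authentication URLs if the application exposes them. `limit_req_status 429;` is repeated in all three locations and could be set once at `http` level beside the zone definition. The location blocks continue past the end of each hunk.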
@@ -63,6 +66,11 @@ server {
 }
 # Finally, send all non-media requests to the Django server.
 location / {
+
+ # Apply rate limit
+ limit_req zone=one burst=20 nodelay;
+ limit_req_status 429;
+
 uwsgi_pass uwsgi;
 # the uwsgi_params file you installed needs to be passed with each
 # request.