From 143eaf362db8f569f088b08f115c8e183abf020a Mon Sep 17 00:00:00 2001
From: Mouse Reeve
Date: Fri, 15 Jul 2022 13:14:31 -0700
Subject: [PATCH 1/2] Adds rate limiting to some views in nginx
---
 nginx/development | 9 +++++++++
 nginx/server_config | 1 +
 2 files changed, 10 insertions(+)
diff --git a/nginx/development b/nginx/development
index 05b27c2b13..fbb25c1b2d 100644
--- a/nginx/development
+++ b/nginx/development
@@ -7,6 +7,15 @@ upstream web {
 server {
 listen 80;
 
+ location ~ ^/(login|password-reset|resend-link) {
+ limit_req zone=loginlimit;
+
+ proxy_pass http://web;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $host;
+ proxy_redirect off;
+ }
+
 location / {
 proxy_pass http://web;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
diff --git a/nginx/server_config b/nginx/server_config
index c9aad8e4a2..385f747ecb 100644
--- a/nginx/server_config
+++ b/nginx/server_config
@@ -1 +1,2 @@
 client_max_body_size 10m;
+limit_req_zone $binary_remote_addr zone=loginlimit:10m rate=1r/s;
From e1e6a2d38037d499b32c1b4e0ab0361a5985e2b6 Mon Sep 17 00:00:00 2001
From: Mouse Reeve
Date: Fri, 15 Jul 2022 13:19:42 -0700
Subject: [PATCH 2/2] Adds block to prod config
---
 nginx/production | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/nginx/production b/nginx/production
index 3d9cfa5ae1..3a3aeb7dd4 100644
--- a/nginx/production
+++ b/nginx/production
@@ -41,6 +41,15 @@ server {
 # root /var/www/certbot;
 # }
 #
+# location ~ ^/(login|password-reset|resend-link) {
+# limit_req zone=loginlimit;
+#
+# proxy_pass http://web;
+# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+# proxy_set_header Host $host;
+# proxy_redirect off;
+# }
+#
 # location / {
 # proxy_pass http://web;
 # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
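Review bot: In the nginx/development hunk, `limit_req zone=loginlimit;` has no `burst`, so with the 1r/s zone a second request from the same address inside one second is rejected outright, and the rejection uses nginx's default 503 status. A browser that loads `/login` and submits the form immediately, or several users behind one NAT address, can hit that; consider `limit_req zone=loginlimit burst=5 nodelay;` together with `limit_req_status 429;` so throttled clients are distinguishable from backend failures in the logs (the burst value is a starting point to tune). The regex `^/(login|password-reset|resend-link)` is a prefix match, so it also covers any longer path beginning with those words; a short comment above the block saying that is intended would help. The `server` block continues outside the hunk.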
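Review bot: The `limit_req_zone` line added to nginx/server_config keys the zone on `$binary_remote_addr`, which is the address of the directly connected peer. If this nginx is deployed behind another proxy, load balancer or CDN, all clients share one key and are throttled together unless the real-IP module is configured (`set_real_ip_from` / `real_ip_header`); that deserves a comment next to the directive, e.g. `# keyed on peer address; configure real_ip_* when behind a proxy`. A per-address limit also does not slow password guessing that is spread over many addresses, so per-account throttling in the application is still needed. `limit_req_zone` is only valid in the `http` context, so this relies on server_config being included at that level, which is not visible here.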
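Review bot: In nginx/production the new `location` block is added entirely as `#`-commented lines, so this patch by itself does not rate-limit the login, password-reset or resend-link paths in a production deployment. Whether the limit is active depends on operators uncommenting this section, and on any uncommented `server` block elsewhere in the file (outside the hunk) receiving the same block. I would add a line above it such as `# rate-limits auth endpoints; uncomment together with the HTTPS server block` and check that the currently active server block carries the same location.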