From 0ed213fa0ddb7a6dc77e3c3b99e8fc90ccdaf46f Mon Sep 17 00:00:00 2001
From: Alexander Todorov
Date: Tue, 7 Feb 2023 21:04:28 +0200
Subject: [PATCH] Rate limit everything under /accounts/

---
 etc/nginx.conf | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/etc/nginx.conf b/etc/nginx.conf
index b6148ab59c..a0a98e8156 100644
--- a/etc/nginx.conf
+++ b/etc/nginx.conf
@@ -51,6 +51,13 @@ http {
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 
+ map $request_uri $limit_key {
+ default "";
+ ~^/accounts/ $binary_remote_addr;
+ }
+ limit_req_zone $limit_key zone=ten-per-sec:10m rate=10r/s;
+ limit_req_status 429;
+
 upstream kiwitcms {
 server unix:///tmp/kiwitcms.sock;
 }
@@ -81,6 +88,8 @@ http {
 location / {
 include /etc/nginx/uwsgi_params;
 uwsgi_pass kiwitcms;
+
+ limit_req zone=ten-per-sec burst=20 nodelay;
 }
 }
 }
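Review bot: The `map` in the first hunk keys on `$request_uri`, which is the raw, un-normalized request URI including the query string, whereas nginx selects the location on the normalized path and, assuming the stock `uwsgi_params` (not visible in this patch), passes that normalized path to the application. A request whose path only becomes /accounts/ after normalization therefore falls through to the empty `default` key, and `limit_req` does not account requests with an empty key, so it is never throttled. Keying on the normalized variable closes that gap: `map $uri $limit_key {`. A one-line comment above the map, e.g. `# empty key = request is exempt from limit_req`, would also make the purpose of the `default ""` branch explicit. The enclosing `http` block starts outside the hunk.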
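Review bot: `limit_req zone=ten-per-sec burst=20 nodelay;` in the second hunk permits a sustained 10 requests per second per client address, which works as a flood guard but is a weak control if the aim is to slow password guessing against the authentication views that presumably live under /accounts/. Either document that intent beside the directive, e.g. `# flood guard only; login throttling/lockout must be enforced in the application`, or define a second, much stricter zone for the login and password-reset paths. The zone key is `$binary_remote_addr`, so if this nginx is deployed behind another proxy or load balancer (not determinable from the patch) all clients would share one bucket unless the client address is restored from a trusted source only. The `server` block containing this `location /` starts outside the hunk.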