Rate limit everything under /accounts/

kiwitcms · Feb 8, 2023 · 0ed213f · 0ed213f
1 parent 2e357ad
commit 0ed213f
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/etc/nginx.conf b/etc/nginx.conf
@@ -51,6 +51,13 @@ http {
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
 
+    map $request_uri $limit_key {
+        default "";
+        ~^/accounts/ $binary_remote_addr;
+    }
+    limit_req_zone $limit_key zone=ten-per-sec:10m rate=10r/s;
+    limit_req_status 429;
+
     upstream kiwitcms {
         server unix:///tmp/kiwitcms.sock;
     }
@@ -81,6 +88,8 @@ http {
         location / {
             include     /etc/nginx/uwsgi_params;
             uwsgi_pass  kiwitcms;
+
+            limit_req zone=ten-per-sec burst=20 nodelay;
         }
     }
 }