Guides and Tutorials / Tutorial
· Tutorial ·

Rate Limit NGINX

One of the most useful features of NGINX is speed limitation. Lets you limit the number of HTTP / HTTPS requests that a user can make in a given period of time. A request can be as simple as a GET request for a website's home page or a POST request on a login form.

Speed limitation can be used for security purposes, for example to slow brute force attacks to guess passwords. It can help to protect against DDoS attacks by limiting the incoming request rate to a typical value for real users and identifying destination URLs.

info More generally, it is used to protect upstream application servers from being overwhelmed by too many user requests at the same time.

Set the Rate Limit parameter

The location of the file to configure, to limit the speed of your website, is found in the following path:

/etc/nginx/swhosting/vhosts/yourdomain.tld.conf

You must open the file with a file editor and locate the following parameters:

Port 80 (http)

# Rate limit for each domain  
limit_req_zone $binary_remote_addr zone=yourdomain.tld_rate:1m rate=150r/s;  
   
...  
    
server {  
listen 80;
	
...
      
limit_req zone=yourdomain.tld_rate burst=50 nodelay;  
      
...

The lines that you must modify, to apply the desired values, are:

limit_req_zone $binary_remote_addr zone=yourdomain.tld_rate:1m rate=VALUEr/s;

limit_req zone=yourdomain.tld_rate burst=VALUE nodelay;

info If you are using an SSL certificate for your website, also remember to apply the values of the "Rate Limit" in the section corresponding to port 443 of the same configuration file.

Port 443 (https)

# Rate limit for each domain  
limit_req_zone $binary_remote_addr zone=yourdomain.tld_rate:1m rate=150r/s;  
      
 ...  
	
server {  
listen 443;
	
...
      
limit_req zone=yourdomain.tld_rate burst=50 nodelay;  
      
...

Now you just have to perform the following command, to make sure that the new configuration is correct and it is safe to restart Nginx.

nginx -t

You will see something similar on the screen:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Otherwise, it reverts the changes made.

Now it only remains to restart Nginx so that it applies the new configuration.

/etc/init.d/nginx	reload

Or you can also use:

/etc/init.d/nginx restart

success With these changes you will have the NGINX speed limitation of your website configured for both HTTP and HTTPS.

i