One of the most useful features of NGINX is speed limitation. Lets you limit the number of HTTP / HTTPS requests that a user can make in a given period of time. A request can be as simple as a GET
request for a website's home page or a POST
request on a login form.
Speed limitation can be used for security purposes, for example to slow brute force attacks to guess passwords. It can help to protect against DDoS attacks by limiting the incoming request rate to a typical value for real users and identifying destination URLs.
info More generally, it is used to protect upstream application servers from being overwhelmed by too many user requests at the same time.
The location of the file to configure, to limit the speed of your website, is found in the following path:
/etc/nginx/swhosting/vhosts/yourdomain.tld.conf
You must open the file with a file editor and locate the following parameters:
# Rate limit for each domain
limit_req_zone $binary_remote_addr zone=yourdomain.tld_rate:1m rate=150r/s;
...
server {
listen 80;
...
limit_req zone=yourdomain.tld_rate burst=50 nodelay;
...
The lines that you must modify, to apply the desired values, are:
limit_req_zone $binary_remote_addr zone=yourdomain.tld_rate:1m rate=VALUEr/s;
limit_req zone=yourdomain.tld_rate burst=VALUE nodelay;
info If you are using an SSL certificate for your website, also remember to apply the values of the "Rate Limit" in the section corresponding to port
443
of the same configuration file.
# Rate limit for each domain
limit_req_zone $binary_remote_addr zone=yourdomain.tld_rate:1m rate=150r/s;
...
server {
listen 443;
...
limit_req zone=yourdomain.tld_rate burst=50 nodelay;
...
Now you just have to perform the following command, to make sure that the new configuration is correct and it is safe to restart Nginx.
nginx -t
You will see something similar on the screen:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Otherwise, it reverts the changes made.
Now it only remains to restart Nginx so that it applies the new configuration.
/etc/init.d/nginx reload
Or you can also use:
/etc/init.d/nginx restart
success With these changes you will have the NGINX speed limitation of your website configured for both HTTP and HTTPS.