1

I would like to limit some nginx location and avoid two parallel FastCGI threads for the same POST data ($request_body).

I've added a limit connection zone and configured connection limit on a location:

log_format postdata '$remote_addr - $remote_user [$time_local] '
                       '"$request" $status $bytes_sent '
                       '"$http_referer" "$http_user_agent" "$request_body" /$upstream_cache_status/';

limit_conn_zone $request_body zone=tco_body:10m;

server {
.....
    access_log /var/log/nginx/www.example.com_access.log postdata;

    location ~ ^/billing/modules/gateways/callback/tco.php$ {
        client_body_buffer_size 16m;
        limit_conn tco_body 1;
        limit_conn_log_level info;
        limit_conn_status 429;

        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }

        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        client_max_body_size 64M;
        fastcgi_pass 127.0.0.1:9901;
    }

but unfortunately nginx still can accept and send to php-fpm backend two requests with the same POST data at the same moment.

Nginx logs $request_body correctly when limit_conn is disabled. But I have noticed another weird behavior - access log doesn't contain $request_body when limit_conn is enabled on this location and there's only "-".

xx.xx.xx.xx - - [22/Dec/2020:07:10:45 -0800] "POST /billing/modules/gateways/callback/tco.php HTTP/2.0" 200 315 "-" "Guzzle/6.2.1" "-" /-/

I tried to apply this limit on nginx/1.14.2 (from Debian apt repository) and nginx/1.19.6 (from the official nginx repository). Debian 10.

Does anyone have a suggestion on what do I miss on this setup to make it work as expected?

0 Answers0