I need to throttle connections/requests in an NGINX server for both http and http2 requests. However, the throttling must not be applied to CDN-specific IP addresses (which are already populated in a geo block).
I have the following config to throttle http/http2 requests when the CDN-specific requirement is not in place.
    map $http2 $http1connlimitkey {
        default "";
        "" $binary_remote_addr;
    }
    map $http2 $http2connlimitkey {
        default $binary_remote_addr;
        "" "";
    }
Either the http1connlimitkey or the http2connlimitkey key is set to binary_remote_addr, depending upon the type of connection.
Now, irrespective of the connection type, if the connection originates from the CDN, I need to set the above keys to empty to escape the connection throttling.
I am following the approach given in this solution, "How to rate-limit in nginx, but including/excluding certain IP addresses?", to map the request origin.
    geo $whitelist {
        default 0;
        # CIDR in the list below are not limited
        1.2.3.0/24 1;
        9.10.11.12/32 1;
    }
    map $whitelist $limit {
        0 $binary_remote_addr;
        1 "";
    }
How do I set the http1connlimitkey and http2connlimitkey to empty if the request is from the CDN?
One way I am thinking of is to have maps like below:
    map $whitelist $cdn {
        0 "";
        1 "CDN";
    }
    map "$cdn$http2" $http1connlimitkey {
        # a regex pattern in map must start with "~"
        ~^CDN "";
        "" $binary_remote_addr;
        default "";
    }
    map "$cdn$http2" $http2connlimitkey {
        # a regex pattern in map must start with "~"
        ~^CDN "";
        default $binary_remote_addr;
        "" "";
    }
Is there any better way to handle this? I need to escape both http and http2 limits in case the request originates from the CDN.
Thanks
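
One way to fold the CDN exemption into the two keys asked about above, as an added example that is not part of the original post. The zone names, zone sizes, connection limits and the listen line are assumptions; the example relies on nginx not accounting requests whose limit_conn_zone key is empty.

```nginx
# Added example (not from the original post); goes in the http {} context.
geo $whitelist {
    default        0;
    # CIDRs in the list below are not limited
    1.2.3.0/24     1;
    9.10.11.12/32  1;
}

# $whitelist is 0 or 1; $http2 is "h2", "h2c", or empty for HTTP/1.x.
# Combining both into one source string lets each key be decided in a
# single map, without an intermediate $cdn variable.
map "$whitelist:$http2" $http1connlimitkey {
    default  "";                     # CDN, or any HTTP/2 request: not counted
    "0:"     $binary_remote_addr;    # non-CDN HTTP/1.x
}

map "$whitelist:$http2" $http2connlimitkey {
    default  "";                     # CDN, or any HTTP/1.x request: not counted
    ~^0:h2   $binary_remote_addr;    # non-CDN HTTP/2 (matches h2 and h2c)
}

# Zone names and sizes are assumptions.
limit_conn_zone $http1connlimitkey zone=http1conn:10m;
limit_conn_zone $http2connlimitkey zone=http2conn:10m;

server {
    listen 80;                       # assumption: placeholder listener

    # Limits are assumptions; a request with an empty key is skipped by
    # the corresponding zone, so CDN traffic bypasses both limits.
    limit_conn http1conn 10;
    limit_conn http2conn 100;
}
```

Because geo matches on the connecting address by default, the exemption applies only to connections that actually arrive from the listed CDN ranges, so those ranges need to be kept in sync with the CDN's published list.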