We are trying to use Nginx as a server for load balancing, and for security reasons, we decided to apply the native rate limiting feature, configuring it so that when there are more than 200 requests per second, the user has the request blocked.
We use the settings below to configure this block when the user reaches the limit.
limit_req_zone $binary_remote_addr zone=one:10m rate=200r/s;
limit_req zone=one burst=20;
It so happens that even if a user makes 97 AJAX requests on the first access, Nginx blocks these requests, as shown in the log below:
2022/07/19 11:10:37 [error] 8494#8494: *1698 limiting requests, excess: 20.600 by zone "one", client: [USER-IP], server: example.com, request: "GET /views/components/page-1.html HTTP/1.1", host: "example.com", referrer: "https://example.com/dash.html"
2022/07/19 11:10:37 [error] 8495#8495: *1699 limiting requests, excess: 20.600 by zone "one", client: [USER-IP], server: example.com, request: "GET /views/components/page-2.html HTTP/1.1", host: "example.com", referrer: "https://example.com/dash.html"
2022/07/19 11:10:37 [error] 8495#8495: *1702 limiting requests, excess: 20.800 by zone "one", client: [USER-IP], server: example.com, request: "GET /views/components/page-3.html HTTP/1.1", host: "example.com", referrer: "https://example.com/dash.html"
What might have been misconfigured and how can we fix it?
