3

I've successfully set up rate limiting on IP addresses like so,

limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

But I was wondering if its possible to do the same on referrers? For example, if a site gets placed in an iframe on a third party site, which generates too much traffic to handle.

I can't find any nginx variables for the referrer anywhere.

I don't want to block traffic completely, just limit the traffic that comes from an iframe.

Is this possible? Or can the solution be achieved in a different way?

Thanks.

SteveEdson
  • 1,479
  • 3
  • 12
  • 23

2 Answers2

2

@R1CH_TL on Twitter suggested using something like this:

map $http_referer $limit_ip_key {
    default $binary_remote_addr;
    "http://domain-to-limit.co.uk/" 1;
}

limit_req_zone  $limit_ip_key        zone=two:10m   rate=1r/s;

Would this method work? And would it be better than silasistefan's solution?

SteveEdson
  • 1,479
  • 3
  • 12
  • 23
1

Did you try something like this?

location / {

    error_page 410 = @ads;

    # if referrer is invalid then limit
    valid_referers none blocked www.domain.com;
    if ($invalid_referer) {
        return   410;
    }

    # if ?isAD=1 then limit
    if ($arg_isAD = "1"){
        return 410;
    }

    root   /var/www;
}

location @ads {
    limit_req   zone=one  burst=5;
}
silasistefan
  • 11
  • 1