Opened 11 months ago
Closed 11 months ago
#2583 closed defect (invalid)
possible bug in http/modules/ngx_http_limit_req_module.c
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | nginx-module | Version: | 1.24.x |
Keywords: | Cc: | ||
uname -a: | Linux lb2 6.1.0-10-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.37-1 (2023-07-03) x86_64 GNU/Linux | ||
nginx -V: |
nginx version: nginx/1.24.0
built by gcc 10.2.1 20210110 (Debian 10.2.1-6) built with OpenSSL 1.1.1n 15 Mar 2022 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -ffile-prefix-map=/data/builder/debuild/nginx-1.24.0/debian/debuild-base/nginx-1.24.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie' |
Description
Hi,
using the limit_req_module i've found a possible bug.
the variable $limit_req_status is not filled, i guess because the same pointer, (variable) was used to set the http return code directive "limit_req_status code; as wrote in the documentation. unfortunately i'm not a good C devel so i can't provide a working patch.
This behavior are present both in the source code compiled and also in the official deb.
Change History (2)
comment:1 by , 11 months ago
comment:2 by , 11 months ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
Indeed, the rewrite module directives, including return
, are executed when nginx is looking for a configuration to process a request, and therefore limit_req
is never used in the configuration in question. Closing this.
Hello,
sorry my fault, i was testing with a dummy location:
http {
limit_req_zone $server_name zone=prevent_abusers:10m rate=1r/m;
}
server{
location /echo/ {
}
}
and in this specific configuration the limit_req doesn't work.
My fault to lack the knowlege of limit module.
thanks