Opened 13 years ago
Closed 13 years ago
#76 closed defect (fixed)
HttpLimitReq not working
| Reported by: | sam | Owned by: | somebody |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-module | Version: | 1.1.x |
| Keywords: | HttpLimitReqModule | Cc: | |
| uname -a: | Linux hw2.dob.sk 3.0.4-gentoo #2 SMP Fri Sep 16 15:02:59 CEST 2011 x86_64 Intel(R) Core(TM)2 Quad CPU Q9450 @ 2.66GHz GenuineIntel GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.1.12
TLS SNI support enabled configure arguments: --prefix=/usr --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error_log --pid-path=/var/run/nginx.pid --lock-path=/var/lock/nginx.lock --user=nginx --group=nginx --with-cc-opt=-I/usr/include --with-ld-opt=-L/usr/lib --http-log-path=/var/log/nginx/access_log --http-client-body-temp-path=/var/tmp/nginx/client --http-proxy-temp-path=/var/tmp/nginx/proxy --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi --http-scgi-temp-path=/var/tmp/nginx/scgi --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi --with-ipv6 --with-pcre --with-pcre-jit --without-http_referer_module --without-http_split_clients_module --with-http_addition_module --with-http_dav_module --with-http_degradation_module --with-http_gzip_static_module --with-http_realip_module --with-http_stub_status_module --with-http_sub_module --with-http_xslt_module --with-http_realip_module --add-module=/var/tmp/portage/www-servers/nginx-1.1.12-r1/work/agentzh-headers-more-nginx-module-137855d --add-module=/var/tmp/portage/www-servers/nginx-1.1.12-r1/work/ngx_slowfs_cache-1.6 --with-http_ssl_module --with-mail --with-mail_ssl_module |
||
Description
After upgrading from nginx 1.1.8 to 1.1.12, limit req module started to reject requests that has been previously accepted. Firstly I discovered this problem on wordpress admin page that makes really many sub-request, but other pages making only few requests seem to be affected.
config:
limit_req_zone $binary_remote_addr zone=lim1:10m rate=2r/s;
limit_req zone=lim1 burst=10;
error_log:
2012/01/02 22:15:29 [error] 16072#0: *7 limiting requests, excess: 0.571 by zone "lim1", client: 85.237.224.37, server: xxx, request: "GET /wp-content/plugins/akismet/akismet.js?ver=3.3 HTTP/1.1"
2012/01/02 22:15:30 [error] 16072#0: *8 limiting requests, excess: 0.994 by zone "lim1", client: 85.237.224.37, server: xxx, request: "GET /wp-includes/images/rss.png HTTP/1.1"
2012/01/02 22:15:30 [error] 16074#0: *5 limiting requests, excess: 0.993 by zone "lim1", client: 85.237.224.37, server: xxx, request: "GET /wp-content/plugins/wordpress-seo/images/yoast-logo-rss.png HTTP/1.1"
2012/01/02 22:15:30 [error] 16072#0: *9 limiting requests, excess: 0.994 by zone "lim1", client: 85.237.224.37, server: xxx, request: "GET /wp-includes/images/wpmini-blue.png HTTP/1.1"
2012/01/02 22:15:30 [error] 16074#0: *6 limiting requests, excess: 0.993 by zone "lim1", client: 85.237.224.37, server: xxx, request: "GET /wp-content/plugins/wordpress-seo/images/email_sub.png HTTP/1.1"
Other configurations with higher limits give same results.
Workarounded by disabling all limits...
Thank you for report, the limit_req_log_level inheritance fix in 1.1.12 broke burst/nodelay parameter inheritance. The following patch should fix it:
# HG changeset patch # User Maxim Dounin <mdounin@mdounin.ru> # Date 1325547539 -14400 # Node ID af2eb6bbc5c0b58826be3c2730af1549d27880da # Parent e1296af53cc049396fb9b8771cba430d4dc00fe4 Fixed limit_req burst/nodelay inheritance (broken in 1.1.12). diff --git a/src/http/modules/ngx_http_limit_req_module.c b/src/http/modules/ngx_http_limit_req_module.c --- a/src/http/modules/ngx_http_limit_req_module.c +++ b/src/http/modules/ngx_http_limit_req_module.c @@ -570,6 +570,8 @@ ngx_http_limit_req_merge_conf(ngx_conf_t if (conf->shm_zone == NULL) { conf->shm_zone = prev->shm_zone; + conf->burst = prev->burst; + conf->nodelay = prev->nodelay; } ngx_conf_merge_uint_value(conf->limit_log_level, prev->limit_log_level,Workaround would be to explicitly define limit_req in all locations which need protection.