Hello!

On Wed, Dec 27, 2017 at 12:45:45PM +0200, [email protected] wrote:

> # HG changeset patch > # User aspel <[email protected]> > # Date 1514370676 0 > # Wed Dec 27 10:31:16 2017 +0000 > # Node ID a24cb7e952ae4db04e133fa8f3ad7b51703e03d5 > # Parent 32dd4fc94fba998762aaec65652ad8d554052fc8 > Added additional parameter "r/h" (requests per hour) > > > This additional parameter will help protect a server from brute-force. > > In which thousands of IP addresses participate. > > > diff -r 32dd4fc94fba -r a24cb7e952ae > src/http/modules/ngx_http_limit_req_module.c > --- a/src/http/modules/ngx_http_limit_req_module.c Tue Dec 26 19:01:12 2017 > +0300 > +++ b/src/http/modules/ngx_http_limit_req_module.c Wed Dec 27 10:31:16 2017 > +0000 > @@ -801,6 +801,10 @@ > } else if (ngx_strncmp(p, "r/m", 3) == 0) { > scale = 60; > len -= 3; > + > + } else if (ngx_strncmp(p, "r/h", 3) == 0) { > + scale = 3600; > + len -= 3; > } > > > rate = ngx_atoi(value[i].data + 5, len - 5);

This won't work as scale is limited to 1000 by the storage
granularity, see

    ctx->rate = rate * 1000 / scale;

below in the same function.  That is, rate=1r/h will actually mean
zero rate.

See also https://trac.nginx.org/nginx/ticket/68.

-- 
Maxim Dounin
http://mdounin.ru/
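
Review bot: The new "r/h" branch sets scale = 3600 without any change to how the rate is stored, so with ctx->rate = rate * 1000 / scale; (quoted in the reply) integer division truncates small hourly rates: 1r/h through 3r/h store as 0, and 4r/h through 7r/h all store as 1. A limit intended to slow distributed brute-force would therefore silently become a different limit than the one configured. Either raise the storage granularity in the same change so that rate * 1000 / scale keeps enough precision for scale = 3600, or at minimum reject the directive when the computed rate is zero, and add a documentation entry for the new unit stating the smallest rate that is represented exactly.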
