Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
Arch Linux
infrastructure
Commits
8bf73311
Verified
Commit
8bf73311
authored
Jul 12, 2021
by
Jelle van der Waa
🚧
Browse files
Set a 10req/s rate limit for the wiki's php-fpm endpoint
parent
d1259285
Changes
1
Hide whitespace changes
Inline
Side-by-side
roles/archwiki/templates/nginx.d.conf.j2
View file @
8bf73311
...
...
@@ -3,6 +3,10 @@ fastcgi_cache_key "$scheme$request_method$host$request_uri";
# rate limit API endpoint
limit_req_zone $binary_remote_addr zone=api_zone:10m rate=5r/s;
# limit general requests to 10 r/s to block DoS attempts with a burst of 10.
limit_req_zone $binary_remote_addr zone=archwikilimit:10m rate=10r/s;
limit_req_status 429;
upstream archwiki {
...
...
@@ -104,6 +108,8 @@ server {
fastcgi_pass archwiki;
fastcgi_index index.php;
include fastcgi.conf;
limit_req zone=archwikilimit burst=10 nodelay;
}
# whitelist known OK directories
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment