Use Nginx to rate-limit only when origin server response code is 401

April 22, 2018
Nginx Node.js Ubuntu 16.04

I want to use nginx to rate limit access to my API end-points only when the origin server response code is 401 (Unauthorized). I have searched everywhere and couldn't find anything related to my issue so please let me know if this is doable with nginx. Thanks in advance.

1 Answer

This isn't something I've attempted and doing some searching shows that you've been looking around for an answer for this quite a bit lately :)

You can have nginx intercept upstream error messages, so with that turned on you could rate limit based on a 401 response in the same way as if that error was local to nginx.

This shows an example of the option to intercept upstream error codes.

  • Hello Ryan,

    I tried this and it doesn't work. It seems rate limiting happens early in the request pipeline, so intercepting errors and having a limit_req inside that location block does nothing. Here's my source:

    limit_req_zone $limit zone=noauth:10m rate=1r/m;
    
    location /api {
        proxy_intercept_errors on;
        ...
        error_page 401 = @noauth;
    }
    
    location @noauth {
        limit_req zone=noauth;
    
        return 401;
    }
    
    

    Let me know if I am doing anything wrong and thank you for your reply.
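
The comment above notes that limit_req is applied before the upstream response exists. One way to get the "only count 401s" behaviour is to do the accounting in the Node.js origin instead; this is an added example, not code from the thread, and the class and function names, the thresholds and the 429 reply are assumptions.

```javascript
// Added example: throttle a client only after it has produced too many 401 responses.
class UnauthorizedLimiter {
  constructor({ maxFailures = 5, windowMs = 60000, now = Date.now } = {}) {
    this.maxFailures = maxFailures; // 401s allowed per window (assumed value)
    this.windowMs = windowMs;       // sliding window length (assumed value)
    this.now = now;                 // injectable clock, so the logic can be tested
    this.failures = new Map();      // client key -> timestamps of recent 401s
  }

  // Drop timestamps that have left the window and return the ones still inside it.
  recent(key) {
    const cutoff = this.now() - this.windowMs;
    const kept = (this.failures.get(key) || []).filter((ts) => ts > cutoff);
    if (kept.length) this.failures.set(key, kept);
    else this.failures.delete(key); // keeps the map from growing without bound
    return kept;
  }

  // Request phase: true once the client has used up its 401 budget.
  isBlocked(key) {
    return this.recent(key).length >= this.maxFailures;
  }

  // Response phase: only a 401 counts against the client; other statuses are ignored.
  record(key, statusCode) {
    if (statusCode === 401) {
      this.failures.set(key, [...this.recent(key), this.now()]);
    }
  }
}

// Wrap a plain Node.js (req, res) handler with the limiter.
function limitUnauthorized(limiter, handler) {
  return (req, res) => {
    // Behind nginx the socket address is the proxy's; key on the forwarded
    // client address that your proxy configuration passes along instead.
    const key = req.socket.remoteAddress;
    if (limiter.isBlocked(key)) {
      res.statusCode = 429;
      res.setHeader('Retry-After', Math.ceil(limiter.windowMs / 1000));
      return res.end();
    }
    // The status is known only after the handler has answered.
    res.once('finish', () => limiter.record(key, res.statusCode));
    return handler(req, res);
  };
}
```

The state lives in one process's memory, so several Node.js workers would each keep their own counts unless the map is replaced with a shared store.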
