So I’ve tried adding rate-limit handling in my nginx configuration, which seems to have broken things.
I’ll share 2 nginx configuration versions: the first one without the rate-limiting part, which works fine, and the second one with the rate-limit part added.
The config with the rate-limit part added causes this "too many redirects" error.
Without Ratelimit (Working)
server {
    listen 80;
    server_name genefit.cc www.genefit.cc;
    root /var/www/html;
    index index.htm index.html index.php;
    charset utf-8;
    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }
    access_log off;
    error_log /var/log/nginx/error.log error;
    sendfile off;
    client_max_body_size 100m;
    location ~* /(phpinfo.php|php_info.php|info.php|_profiler/phpinfo.php|.ht) {
        deny all;
    }
    # Allow POST on specific endpoints
    location ~* ^/(velocity/|joinify/|joinify2/|leavify/|checky/|queuebot/)$ {
        if ($request_method !~ ^(POST|GET)$) {
            return 405;
        }
    }
    # Restrict methods other than GET and provide a 405 error for other locations
    location / {
        if ($request_method !~ ^(GET)$) {
            return 405;
        }
    }
    # Error page configuration
    error_page 300 301 302 303 304 305 306 307 308 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 421 422 423 424 425 426 428 429 431 451 500 501 502 503 504 505 506 507 508 510 511 /error.php?code=$status;
    location ~ /error.php$ {
        include fastcgi_params;
        root /var/www/html/;
        #try_files $uri $uri/ =404;
        fastcgi_pass genefit.cc:9000;
        fastcgi_index error.php;
        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        fastcgi_param QUERY_STRING $query_string;
    }
    location ~ .php$ {
        fastcgi_split_path_info ^(.+.php)(/.+)$;
        fastcgi_pass genefit.cc:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_intercept_errors on;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
    }
}
With ratelimiting (not working):
server {
    listen 80;
    server_name genefit.cc www.genefit.cc;
    root /var/www/html;
    index index.htm index.html index.php;
    charset utf-8;
    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }
    access_log off;
    error_log /var/log/nginx/error.log error;
    sendfile off;
    client_max_body_size 100m;
    # Deny access to certain files
    location ~* /(phpinfo.php|php_info.php|info.php|_profiler/phpinfo.php|.ht) {
        deny all;
    }
    # Global rate limiting configuration
    limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
    # Apply rate limiting globally
    location / {
        limit_req zone=one burst=5;
        limit_req_status 429;
        # Only allow POST on specific endpoints, otherwise allow GET only
        set $allowed_endpoint 0;
        if ($uri ~* ^/(velocity/|joinify/|joinify2/|leavify/|checky/|queuebot/)$) {
            set $allowed_endpoint 1;
        }
        if ($request_method !~ ^(GET)$) {
            if ($allowed_endpoint = 0) {
                return 405;
            }
        }
        try_files $uri $uri/ =404;
    }
    # Error page configuration
    error_page 300 301 302 303 304 305 306 307 308 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 421 422 423 424 425 426 428 429 431 451 500 501 502 503 504 505 506 507 508 510 511 /error.php?code=$status;
    location ~ /error.php$ {
        include fastcgi_params;
        root /var/www/html/;
        fastcgi_pass genefit.cc:9000;
        fastcgi_index error.php;
        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        fastcgi_param QUERY_STRING $query_string;
    }
    location ~ .php$ {
        fastcgi_split_path_info ^(.+.php)(/.+)$;
        fastcgi_pass genefit.cc:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_intercept_errors on;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
    }
}
I have tried quite a bit myself, like moving blocks around so that they correctly apply in order, as I’m aware that nginx looks for the first match and, if it finds a hit, it doesn’t look further.
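
One way to lay out the rate-limit part of the second config so that nginx accepts it, as an added example that is not part of the original post: `limit_req_zone` is only valid in the `http` context, and `if` blocks cannot be nested, so the method/endpoint check is expressed with a `map`. The variable name `$method_denied` is hypothetical; the zone, rate, endpoints and paths are taken from the configs above.

```nginx
# --- http context (nginx.conf, or a file included from inside http { }) ---

# The shared-memory zone must be declared here, not inside server { }.
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

# Decide per request whether the method is allowed for this URI.
# $method_denied is a hypothetical name chosen for this example.
map $request_method:$uri $method_denied {
    default 1;                      # anything not listed below gets 405
    ~^GET: 0;                       # GET is allowed everywhere
    ~*^POST:/(velocity|joinify|joinify2|leavify|checky|queuebot)/$ 0;
}

# --- server context ---
server {
    listen 80;
    server_name genefit.cc www.genefit.cc;
    root /var/www/html;
    index index.htm index.html index.php;

    location / {
        # Rate limit: 1 request/second per client address, queue up to 5,
        # reject the rest with 429 (nginx's default here would be 503).
        limit_req zone=one burst=5;
        limit_req_status 429;

        # Single, un-nested if that only returns: the safe use of if
        # inside a location.
        if ($method_denied) {
            return 405;
        }

        try_files $uri $uri/ =404;
    }

    # error_page, /error.php and .php locations as in the post.
}
```

Running `nginx -t` after each change reports context errors such as a misplaced `limit_req_zone` or a nested `if` before the configuration is reloaded.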