How can you limit the request rate or concurrent connections for specific clients in Nginx?
If you're using Nginx as your web server, you might want to limit the request rate or concurrent connections for specific clients to prevent abuse or ensure fair resource allocation. Fortunately, Nginx provides a set of powerful directives to achieve this goal. In this article, we will explore how to limit the request rate or concurrent connections for specific clients in Nginx.
Using the Limit Requests Module
The Limit Requests module allows you to limit the number of requests per specified time period for each client IP address. Here's how you can use it:
1. Open your Nginx configuration file, which is usually located at /etc/nginx/nginx.conf or /etc/nginx/conf.d/default.conf.
2. Within the http block, add the following line:
limit_req_zone $binary_remote_addr zone=client_rate_limit:10m rate=1r/s;
This directive creates a shared memory zone named client_rate_limit, keyed by the client IP address ($binary_remote_addr), to store the state of clients and their request rates. The rate=1r/s argument specifies that each client's requests should be limited to 1 request per second. You can adjust this value to your desired rate limit.
3. Next, find the location where you want to apply the rate limit. For example, if you want to limit requests to the /api endpoint, locate the corresponding location block.
4. Inside the location block, add the following line:
limit_req zone=client_rate_limit burst=5 nodelay;
The zone=client_rate_limit argument links the rate limit to the defined zone. The burst=5 argument specifies the maximum number of requests allowed to exceed the rate limit in a burst, while nodelay ensures that requests within the burst are served immediately instead of being delayed to match the rate. Requests beyond the burst are rejected.
5. Save the configuration file and restart Nginx for the changes to take effect. On Ubuntu, you can run the following command:
sudo systemctl restart nginx
Now, Nginx will restrict the request rate to the specified endpoint for each client IP address based on the configured limit. If a client exceeds the rate limit, Nginx will respond with a 503 Service Unavailable error.
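How rate=1r/s, burst=5 and nodelay interact is easier to see when simulated. The following Python sketch is an added example, not code from Nginx or from this article: it is a simplified model of the leaky-bucket accounting behind limit_req, and the class and function names and the sample client address are assumptions.

```python
"""Simplified model of limit_req's leaky-bucket accounting, per client key.
Added illustration only; not nginx source code. All names are assumptions."""


class LimitReqZone:
    def __init__(self, rate_per_sec, burst=0, nodelay=False):
        self.rate = rate_per_sec * 1000   # milli-requests drained per second
        self.burst = burst * 1000         # tolerated excess, milli-requests
        self.nodelay = nodelay
        self.state = {}                   # key -> (excess, last_seen_ms)

    def request(self, key, now_ms):
        """Return ('pass', delay_ms) or ('reject', None) for one request."""
        if key not in self.state:         # first request seen from this key
            self.state[key] = (0, now_ms)
            return ("pass", 0)
        excess, last = self.state[key]
        elapsed = max(now_ms - last, 0)
        # Drain what the elapsed time allows, then count this request.
        excess = max(excess - self.rate * elapsed // 1000 + 1000, 0)
        if excess > self.burst:
            return ("reject", None)       # answered with 503 by default
        self.state[key] = (excess, now_ms)
        # Without nodelay, accepted excess requests wait to match the rate.
        delay = 0 if self.nodelay else excess * 1000 // self.rate
        return ("pass", delay)


def simulate(zone, key, arrivals_ms):
    return [zone.request(key, t) for t in arrivals_ms]


def demo():
    # Constructed traffic: 8 requests from one client in the same
    # millisecond, then one more request 2 seconds later.
    arrivals = [0] * 8 + [2000]
    client = "203.0.113.7"                # documentation address (constructed)
    return {
        "page": simulate(LimitReqZone(1, 5, nodelay=True), client, arrivals),
        "no_burst": simulate(LimitReqZone(1), client, arrivals),
        "queued": simulate(LimitReqZone(1, 5), client, arrivals),
    }


if __name__ == "__main__":
    for name, results in demo().items():
        print(name, [r[0] if not r[1] else f"pass+{r[1]}ms" for r in results])
```

With the settings shown in this article, six of the eight simultaneous requests pass (the first plus the burst of five) and two are rejected; without burst only the first passes, and without nodelay the burst requests pass but are spaced one second apart.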
Using the Limit Connections Module
If you want to limit the concurrent connections for specific clients, you can use the Limit Connections module in Nginx. Here's how:
1. Open your Nginx configuration file, as mentioned earlier.
2. Within the http block, add the following line:
limit_conn_zone $binary_remote_addr zone=client_conn_limit:10m;
This directive creates a shared memory zone named client_conn_limit to store the state of clients and their connection limits. The 10m specifies the size of the shared memory zone, but you can adjust this value as per your requirements.
3. Next, locate the location block where you want to limit concurrent connections.
4. Inside the location block, add the following line:
limit_conn client_conn_limit 10;
The client_conn_limit argument links the connection limit to the defined zone, and the 10 specifies the maximum number of connections allowed for each client IP address. Change this value to meet your specific needs.
5. Save the configuration file and restart Nginx for the changes to take effect.
Now, Nginx will restrict the number of concurrent connections for each client IP address based on the specified limit. If a client exceeds the connection limit, Nginx will close the connection or respond with a 503 Service Unavailable error.
By utilizing Nginx's powerful modules for request rate and connection limiting, you can effectively manage client traffic and prevent abuse, ensuring fair usage and optimal server performance.