@perusio
Created January 28, 2012 20:05
Nginx Hackday Porto Linux Limit Requests for Authenticated Users
## At the http level define the connection zones. This is the new, post-Nginx 1.1.9
## syntax that allows multiple zones.
## Define two connection zones: arbeit and auth_jail.
limit_conn_zone $binary_remote_addr zone=arbeit:10m; # client IP
limit_conn_zone $http_cookie zone=auth_jail:10m;     # Cookie header

## Define a map for singling out logged in users.
map $http_cookie $is_authenticated {
    default 0;
    ~SESS 1;
}

server {
    listen [::]:80;
    server_name example.com;

    limit_conn arbeit 32;

    ## Access and error logs.
    access_log /var/log/nginx/example.com_access.log;
    error_log /var/log/nginx/example.com_error.log;

    ## See the blacklist.conf file at the parent dir: /etc/nginx.
    ## Deny access based on the User-Agent header.
    if ($bad_bot) {
        return 444;
    }
    ## Deny access based on the Referer header.
    if ($bad_referer) {
        return 444;
    }

    ## Filesystem root of the site and index.
    root /var/www/sites/example.com;
    index index.php;

    location / {
        ## Authenticated requests are redirected internally to @auth-jail.
        error_page 418 =200 @auth-jail;
        if ($is_authenticated) {
            return 418;
        }
        ## ... location stuff ...
    }

    location @auth-jail {
        limit_conn auth_jail 10; # just 10 connections for authenticated users
        ## ... location stuff ...
    }

    ## If you're using an Nginx version greater than or equal to 1.1.4 then
    ## you can use keep alive connections to the upstream, be it
    ## FastCGI or Apache. If that's not the case comment out the line below.
    fastcgi_keep_conn on; # keep alive to the FCGI upstream

    #... more stuff ...
} # HTTP server
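
A variant of the auth_jail zone keyed on the session cookie alone instead of the whole Cookie header, so that unrelated cookies in the header do not spread one session over several counters. This is an added example, not part of the original gist; the cookie pattern (Drupal-style `SESS<hash>=<id>`), the variable `$session_key` and the capture name `sess` are assumptions.

```nginx
## Added example (not from the original gist).
## Assumption: session cookies look like SESS<hash>=<id> (SSESS... over HTTPS).
## $session_key and the capture name "sess" are hypothetical names.
map $http_cookie $session_key {
    default "";                                  # no session cookie: empty key
    "~(?<sess>S?SESS[0-9a-z]+=[^;]+)" $sess;     # name=value of the session cookie only
}

## Requests whose key is empty are not accounted by limit_conn, so
## anonymous traffic is only subject to the per-IP zone.
limit_conn_zone $binary_remote_addr zone=arbeit:10m;
limit_conn_zone $session_key        zone=auth_jail:10m;

server {
    listen [::]:80;
    server_name example.com;

    limit_conn arbeit 32;       # per client IP
    limit_conn auth_jail 10;    # per session cookie

    ## ... rest of the server block ...
}
```

Because the empty key exempts anonymous requests from auth_jail, this variant does not need the 418 internal redirect to a named location.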