DEV Community

rndmh3ro
rndmh3ro

Posted on • Originally published at zufallsheld.de on

TIL that nginx http_limit_conn module can wreak havoc to your website

The nginx http_limit_conn module to limit http connections works as advertised. It limits the number of connections an ip-address (or other directives) can make to the nginx.

Also: the Ansible hardening-role for nginx as a default limit of 5 connections (see).

This bit me hard: One website I host makes concurrent connections to two APIs and a static frontend-webserver to fetch contents. This was a small debugging nightmare because these three applications did not log anything.

That’s because the requests never made it to them. They got blocked with a 503 error in the reverseproxy.

As I located the problem on the reverseproxy, the error logs made it obvious:

2021/06/25 13:44:58 [error] 1822158#0: *2105549 limiting connections by zone "default", client: 123.123.123.0 server: example.com, request: "GET /core/modules/views/js/base.js?v=8.9.13 HT
TP/2.0", host: "example.com"

Enter fullscreen mode Exit fullscreen mode

Top comments (0)