orange
orange copied to clipboard
orlabs
rate limiting无效
我在URL重定向里面定义了一个指向百度的uri,在rate limiting里面设置了1小时1次的规则,但是无法进行限制,能否帮助解决一下,谢谢各位。
nginx配置文件
`
upstream default_upstream {
server localhost:8001;
server 223.111.201.30:8001;
}
lua_package_path '/usr/local/orange/?.lua;/usr/local/lor/?.lua;;';
lua_code_cache on;
lua_shared_dict orange_data 20m; # should not removed. used for orange data, e.g. plugins configurations..
lua_shared_dict status 1m; # used for global statistic, see plugin: stat
lua_shared_dict waf_status 1m; # used for waf statistic, see plugin: waf
lua_shared_dict monitor 10m; # used for url monitor statistic, see plugin: monitor
lua_shared_dict rate_limit 10m; # used for rate limiting count, see plugin: rate_limiting
lua_shared_dict property_rate_limiting 10m; # used for rate limiting count, see plugin: rate_limiting
init_by_lua_block {
local orange = require("orange.orange")
local env_orange_conf = os.getenv("ORANGE_CONF")
print(string.char(27) .. "[34m" .. "[INFO]" .. string.char(27).. "[0m", [[the env[ORANGE_CONF] is ]], env_orange_conf)
local config_file = env_orange_conf or ngx.config.prefix().. "/conf/orange.conf"
local config, store = orange.init({
config = config_file
})
-- the orange context
context = {
orange = orange,
store = store,
config = config
}
}
init_worker_by_lua_block {
local orange = context.orange
orange.init_worker()
}
server {
listen 8888;
#server_name my_domain.com;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location / {
set $upstream_host $host;
set $upstream_url 'http://default_upstream';
rewrite_by_lua_block {
local orange = context.orange
orange.redirect()
orange.rewrite()
}
access_by_lua_block {
local orange = context.orange
orange.access()
}
# proxy
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header Host $upstream_host;
proxy_pass $upstream_url;
header_filter_by_lua_block {
local orange = context.orange
orange.header_filter()
}
body_filter_by_lua_block {
local orange = context.orange
orange.body_filter()
}
log_by_lua_block {
local orange = context.orange
orange.log()
}
}
location /robots.txt {
return 200 'User-agent: *\nDisallow: /';
}
}
server {
listen 8001;
server_name localhost 127.0.0.1;
access_log ./logs/default_upstream_access.log main;
error_log ./logs/default_upstream_error.log;
location / {
content_by_lua_block {
ngx.status = 404
ngx.say([[404! upstream not found. Host: ]] .. ngx.var.host .. " URI: " .. ngx.var.uri)
}
}
}
server {
listen 9999;
stub_status on;
#server_name localhost;
access_log ./logs/dashboard_access.log main;
error_log ./logs/dashboard_error.log info;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location /robots.txt {
return 200 'User-agent: *\nDisallow: /';
}
# dashboard的静态文件
location ~* /static/(.*) {
alias ./dashboard/static/$1;
}
location / {
set $template_root '';
content_by_lua_block {
context.views_path = ngx.config.prefix() .. "/dashboard/views"
local main = require("dashboard.main")
main:run()
}
}
}
server {
listen 7777;
#server_name localhost;
access_log ./logs/api_access.log main;
error_log ./logs/api_error.log info;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location /robots.txt {
return 200 'User-agent: *\nDisallow: /';
}
location / {
content_by_lua_block {
local main = require("api.main")
main:run()
}
}
}
} `
- 请按照issues模板,提供使用的版本以及最小化复现测试用例,我用的v0.7的版本限速插件是没有问题的
你好,可以帮我看一下问题吗
- 显然这并不是Nginx的bug,要理解这里发生的事情,首先要知道Nginx处理每一个用户请求时,都是按照若干个不同阶段(phase)依次处理的
- Nginx请求处理阶段共有11个之多,按照执行顺序依次是 post-read、server-rewrite、find-config、rewrite、post-rewrite、preaccess、access、post-access、tryfiles、content 以及 log
- redirect插件运行在rewrite阶段,而rate_limiting插件运行在access阶段,按照你的配置,当访问http://ip:port/bd 的时候,在rewrite阶段重定向到了https://www.baidu.com ,而运行在access阶段的rate_limiting插件根本没有机会执行,所以rate_limiting当然不会起作用了。
- 如果你想对重定向后url做访问频次限制的话,你可以在dashbord重定向到自己的location,比如/rate_limiting_test,而不是重定向到 https://www.baidu.com ,然后对URI /rate_limiting_test 添加访问rate_limiting,比如一分钟1次
- 如果你想对重定向后url做访问频次限制的话,你可以在dashbord重定向到自己的location,比如/rate_limiting_test,而不是重定向到 https://www.baidu.com ,然后对URI /rate_limiting_test 添加访问rate_limiting,比如一分钟1次
谢谢,那您说的是如我设置的这样的吗,重定向到nginx的location里面,可以帮看一下吗
{ "name": "baidu", "judge": { "type": 0, "conditions": [ { "type": "URI", "operator": "match", "value": "baidu" } ] }, "extractor": { "type": 1, "extractions": [] }, "handle": { "url_tmpl": "/bd", "trim_qs": false, "redirect_status": "301", "log": true }, "enable": true }
{ "name": "baidu", "judge": { "type": 0, "conditions": [ { "type": "URI", "operator": "match", "value": "baidu" } ] }, "handle": { "period": 3600, "count": 1, "log": false }, "enable": true }
location /bd { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Scheme $scheme; proxy_pass http://61.135.169.121;
-
给你提供个例子,dashbord配置参考下图
-
在浏览器请求三次后 http://ip:port/to_rate_limiting ,会返回429 Too Many Requests
- 请按照issues模板,提供使用的版本以及最小化复现测试用例,我用的v0.7的版本限速插件是没有问题的
你好,可以帮我看一下问题吗
- 显然这并不是Nginx的bug,要理解这里发生的事情,首先要知道Nginx处理每一个用户请求时,都是按照若干个不同阶段(phase)依次处理的
- Nginx请求处理阶段共有11个之多,按照执行顺序依次是 post-read、server-rewrite、find-config、rewrite、post-rewrite、preaccess、access、post-access、tryfiles、content 以及 log
- redirect插件运行在rewrite阶段,而rate_limiting插件运行在access阶段,按照你的配置,当访问http://ip:port/bd 的时候,在rewrite阶段重定向到了https://www.baidu.com ,而运行在access阶段的rate_limiting插件根本没有机会执行,所以rate_limiting当然不会起作用了。
谢谢了,我还想问一下URI重写是不是在rewrite阶段,还是哪个阶段?我测试的URI重写是在URL重定向前面执行,Rate limiting无法对重写进行限制,不知道我这个测试对不对。
