From 22fad44a75b4fd52e2b0cd688993d95405037476 Mon Sep 17 00:00:00 2001
From: psy <psy@darmstadt.ccc.de>
Date: Fri, 24 Dec 2021 13:02:20 +0100
Subject: [PATCH] add predefined ratelimits
---
README.md | 14 ++++++++++++++
files/config/conf.d/ratelimits.conf | 14 ++++++++++++++
2 files changed, 28 insertions(+)
create mode 100644 files/config/conf.d/ratelimits.conf
diff --git a/README.md b/README.md
index 4fa9738..35833d2 100644
--- a/README.md
+++ b/README.md
@@ -128,6 +128,20 @@ path :'' satisfy: 'all ```
+**ratelimitconfig**
+```
+# add one of the follwing predefined ratelimits to your location or vhost
+custom:
+ - limit_req zone=10rps burst=20 nodelay;
+ - limit_req zone=100rps burst=20 nodelay;
+ - limit_req zone=1000rps burst=20 nodelay;
+
+
+# define custom http status code for limited requests (defaults to 503)
+custom:
+ - limit_req_status 444;
+```
+
 **mapsconfig**: See https://nginx.org/en/docs/http/ngx_http_map_module.html#map
diff --git a/files/config/conf.d/ratelimits.conf b/files/config/conf.d/ratelimits.conf
new file mode 100644
index 0000000..32c5de3
--- /dev/null
+++ b/files/config/conf.d/ratelimits.conf
@@ -0,0 +1,14 @@
+geo $limit {
+ default 1;
+ 10.0.0.0/8 0;
+ 192.168.0.0/24 0;
+}
+
+map $limit $limit_key {
+ 0 "";
+ 1 $binary_remote_addr;
+}
+
+limit_req_zone $limit_key zone=10rps:10m rate=10r/s;
+limit_req_zone $limit_key zone=100rps:10m rate=100r/s;
+limit_req_zone $limit_key zone=1000rps:10m rate=1000r/s;
--
GitLab
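Review bot: The `geo $limit` block in files/config/conf.d/ratelimits.conf exempts all of `10.0.0.0/8` and `192.168.0.0/24` unconditionally, and nothing in the file or the README entry says so. `geo` without an explicit source variable matches on `$remote_addr`, and nginx does not account requests whose key is empty, so on a host that receives traffic through an internal proxy or load balancer in those ranges every request maps to `""` and none of the three zones limits anything. I would add a comment above the block such as `# clients in these ranges are never rate-limited; behind an internal proxy configure set_real_ip_from/real_ip_header first, or drop the ranges`. Ideally the exemption list would also be configurable per host rather than a static file. Separately, `192.168.0.0/24` covers only 192.168.0.x; if the whole private block was intended (as the `/8` next to it suggests) that would be `/16`, so please confirm which was meant.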