Page 1 of 2

How to install rate-limit nginx templates

Posted: Sat Jul 25, 2020 10:20 pm
by myVesta
As root, in SSH run:

Code: Select all

curl -O https://c.myvestacp.com/tools/rate-limit-tpl/install_rate_limit_tpl.sh
bash install_rate_limit_tpl.sh

This installer will install hosting-firewall.tpl (nginx template) that will:
  • allow 1 http request per second per IP address (sent to your server, more precisely to your PHP-FPM)
  • allow 2 parallel http connections per IP address (sent to your PHP-FPM)
  • allow burst for 7 additional http requests (they will enter queue), first 3 will be processed immediately, 4 others will processed each request each second (so this will handle natural peaks that CMS can generate to itself)
  • if client fills allowed queue, additional requests will be denied
Generally, this nginx template will prevent bad bots to run hundreds parallel http requests against your site, which will probably cause denial-of-service on your server.

There are also 3 additional templates, with larger limit values (for example: 2 req/sec, 14 allowed requests in queue, 7 burst, 8 parallel connections).

There are also firewall-wordpress templates adapted for WordPress sites.

If you need different rate-limit for different IP addresses and optionally for different folders - see solution here: viewtopic.php?p=2686#p2686

Re: How to install rate-limit nginx templates

Posted: Thu Aug 05, 2021 10:09 pm
by Jpsciolli
Hello, just got this error while installing it...

install_rate_limit_tpl.sh: line 57: service: command not found

Anything usefull unattended?

Re: How to install rate-limit nginx templates

Posted: Sun Aug 08, 2021 2:05 pm
by myVesta
Jpsciolli wrote: Thu Aug 05, 2021 10:09 pm Hello, just got this error while installing it...

install_rate_limit_tpl.sh: line 57: service: command not found

Anything usefull unattended?

Code: Select all

apt-get install sysvinit-utils
echo "PATH=$PATH:/usr/sbin" >> ~/.bashrc
source ~/.bashrc
then run rate-limit installer again.

Re: How to install rate-limit nginx templates

Posted: Mon Dec 20, 2021 7:28 pm
by sparkzara
hi,
when i add this rate limit template,
my cdn images are getting lot of denied errors.

so how do i whitelist cdn ip address, so they wont be under rate limit ?

Re: How to install rate-limit nginx templates

Posted: Mon Dec 20, 2021 7:53 pm
by myVesta
sparkzara wrote: Mon Dec 20, 2021 7:28 pm hi,
when i add this rate limit template,
my cdn images are getting lot of denied errors.

so how do i whitelist cdn ip address, so they wont be under rate limit ?
static files are not limited in any way, except if you serve them though apache/php?

i don't know how to make whitelist.

Re: How to install rate-limit nginx templates

Posted: Mon Dec 20, 2021 8:18 pm
by sparkzara
Thank you for the quick reply.
static files are not limited in anyway (good to know this) - i didn't realize that earlier. just checked once again and found issue with another plugin on site.

regarding whitelist ip, need to set something, so it doesn't limit apache/php served pages for specific users ( even though rate limit nginx template applied for domain ).
can't we add tcp ip under firewall on myvestacp, so those ip address wont have rate limit applied ?

Re: How to install rate-limit nginx templates

Posted: Mon Dec 20, 2021 8:41 pm
by myVesta
sparkzara wrote: Mon Dec 20, 2021 8:18 pm Thank you for the quick reply.
static files are not limited in anyway (good to know this) - i didn't realize that earlier. just checked once again and found issue with another plugin on site.

regarding whitelist ip, need to set something, so it doesn't limit apache/php served pages for specific users ( even though rate limit nginx template applied for domain ).
can't we add tcp ip under firewall on myvestacp, so those ip address wont have rate limit applied ?
nope, because this is a limit on nginx layer - https://github.com/myvesta/vesta/blob/m ... pl#L10-L11
probably there is a way to exclude those lines for desired IP, but i'm sincerely not sure how.
someone should go deeply in nginx syntax to understand how to do it.

Re: How to install rate-limit nginx templates

Posted: Mon Dec 20, 2021 8:45 pm
by myVesta

Re: How to install rate-limit nginx templates

Posted: Thu Dec 23, 2021 6:53 pm
by sparkzara
Thank you for the suggestion.
if block idea should help resolve it now.
myVesta wrote: Mon Dec 20, 2021 8:41 pm
sparkzara wrote: Mon Dec 20, 2021 8:18 pm Thank you for the quick reply.
static files are not limited in anyway (good to know this) - i didn't realize that earlier. just checked once again and found issue with another plugin on site.

regarding whitelist ip, need to set something, so it doesn't limit apache/php served pages for specific users ( even though rate limit nginx template applied for domain ).
can't we add tcp ip under firewall on myvestacp, so those ip address wont have rate limit applied ?
nope, because this is a limit on nginx layer - https://github.com/myvesta/vesta/blob/m ... pl#L10-L11
probably there is a way to exclude those lines for desired IP, but i'm sincerely not sure how.
someone should go deeply in nginx syntax to understand how to do it.

Re: How to install rate-limit nginx templates

Posted: Fri Dec 24, 2021 10:27 pm
by myVesta
sparkzara wrote: Thu Dec 23, 2021 6:53 pm Thank you for the suggestion.
if block idea should help resolve it now.
Post here solution if you find it :)