Rate limiting protects your server from abuse and brute-force attacks.
Configure
In /etc/nginx/nginx.conf (http block):
```nginx
# Define rate limit zone
limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
```
In your server block:
```nginx
location /api/ {
    limit_req zone=api burst=20 nodelay;
    proxy_pass http://127.0.0.1:3000;
}
```
Parameters
- rate=10r/s — 10 requests per second per IP
- burst=20 — allow bursts of up to 20 requests
- nodelay — process burst requests immediately
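To see how these three parameters interact under a spike, here is a simplified model of the per-key accounting that `limit_req` performs. It is an added example, not code from nginx or from this page: the class, function names and traffic are constructed, and it assumes rejections are returned as 429 as configured with `limit_req_status` on this page (nginx's default is 503).

```python
# Simplified model of nginx limit_req accounting (added example, not nginx source).
# "Excess" is tracked per client key in thousandths of a request.

RATE = 10    # rate=10r/s from the page
BURST = 20   # burst=20 from the page


class LimitReqZone:
    def __init__(self, rate=RATE, burst=BURST):
        self.rate_milli = rate * 1000
        self.burst_milli = burst * 1000
        self.state = {}  # key -> (excess_milli, last_ms)

    def request(self, key, now_ms):
        """Return 200 if the request is passed on, 429 if it is rejected."""
        if key not in self.state:
            self.state[key] = (0, now_ms)  # first request seen from this key
            return 200
        excess, last = self.state[key]
        elapsed = max(0, now_ms - last)
        # Drain at `rate`, then add this request (1000 = one request).
        excess = max(0, excess - self.rate_milli * elapsed // 1000 + 1000)
        if excess > self.burst_milli:
            return 429  # rejected requests do not add to the excess
        self.state[key] = (excess, now_ms)
        return 200


def simulate(arrivals):
    """arrivals: list of (key, time_ms). Returns the status for each request."""
    zone = LimitReqZone()
    return [zone.request(key, t) for key, t in arrivals]


def count(statuses, code):
    return sum(1 for s in statuses if s == code)


# Constructed traffic: 40 requests from one address in the same millisecond,
# then one request from that address every 100 ms (exactly 10r/s).
SPIKE = [("203.0.113.7", 0)] * 40
STEADY = [("203.0.113.7", 100 * i) for i in range(1, 11)]

if __name__ == "__main__":
    statuses = simulate(SPIKE + STEADY)
    print("spike: ", count(statuses[:40], 200), "passed,", count(statuses[:40], 429), "rejected")
    print("steady:", count(statuses[40:], 200), "passed,", count(statuses[40:], 429), "rejected")
```

With `nodelay`, an instantaneous spike passes the first request plus the 20 burst slots and rejects the rest; the burst allowance only refills as fast as `rate`, so a client sending at exactly 10r/s afterwards is still served.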
Custom Error Page
```nginx
limit_req_status 429;
error_page 429 /429.html;
```