How to rate limit nginx with the X-Forwarded-For header?

If you run nginx behind a load balancer, the client's external IP address no longer reaches your nginx daemon: nginx only sees the load balancer as its peer. So instead of $binary_remote_addr you have to use $http_x_forwarded_for in your rate limit statement.

Also make sure your load balancer actually sets the X-Forwarded-For header that this variable is read from!

limit_req_zone $http_x_forwarded_for zone=zone:10m rate=1r/s;
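
The limit_req_zone line above keys on the raw header, which can be a comma-separated list that includes values supplied by the client, and nginx does not account requests whose key is empty. As an added example (not from the original post), this configuration lets the realip module take the client address from X-Forwarded-For only when the connection comes from the load balancer, and then keys the limit on $binary_remote_addr. Assumptions: the load balancer range 10.0.0.0/8, the zone name per_client, the burst value and the stub response are constructed, and nginx is built with ngx_http_realip_module.

```nginx
# Added example: constructed values, adjust to your environment.
events {}

http {
    # Assumption: the load balancer connects from 10.0.0.0/8. Only peers
    # listed here are allowed to supply the client address via the header.
    set_real_ip_from  10.0.0.0/8;
    real_ip_header    X-Forwarded-For;
    # Walk the header from the right and stop at the first address that is
    # not a trusted proxy, so entries placed in front of it are ignored.
    real_ip_recursive on;

    # After the realip module has run, $binary_remote_addr holds the client
    # address taken from the header: fixed-size key, one bucket per client.
    limit_req_zone $binary_remote_addr zone=per_client:10m rate=1r/s;

    server {
        listen 80;

        location / {
            # Hypothetical burst allowance; excess requests get a 429.
            limit_req zone=per_client burst=5 nodelay;
            limit_req_status 429;
            return 200 "ok\n";
        }
    }
}
```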
