{"id":51124552,"url":"https://github.com/limithit/ngx_dynamic_limit_req_module","last_synced_at":"2026-06-25T06:01:29.297Z","repository":{"id":54788466,"uuid":"134787911","full_name":"limithit/ngx_dynamic_limit_req_module","owner":"limithit","description":"The ngx_dynamic_limit_req_module module is used to dynamically lock IP and release it periodically.","archived":false,"fork":false,"pushed_at":"2022-11-09T08:57:13.000Z","size":203,"stargazers_count":87,"open_issues_count":1,"forks_count":22,"subscribers_count":5,"default_branch":"master","last_synced_at":"2023-03-05T19:09:23.248Z","etag":null,"topics":["api-count","block","c","count","ddos","defense","nginx","nginx-module","pv-uv","real-time","redis","security","timing","web"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/limithit.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-05-25T01:37:31.000Z","updated_at":"2023-02-07T04:43:54.000Z","dependencies_parsed_at":"2022-08-14T03:00:40.224Z","dependency_job_id":null,"html_url":"https://github.com/limithit/ngx_dynamic_limit_req_module","commit_stats":null,"previous_names":[],"tags_count":null,"template":null,"template_full_name":null,"purl":"pkg:github/limithit/ngx_dynamic_limit_req_module","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/limithit%2Fngx_dynamic_limit_req_module","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/limithit%2Fngx_dynamic_limit_req_module/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/limithit%2Fngx_dynamic_limit_req_module/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/limithit%2Fngx_dynamic_limit_req_module/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/limithit","download_url":"https://codeload.github.com/limithit/ngx_dynamic_limit_req_module/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/limithit%2Fngx_dynamic_limit_req_module/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34761847,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-25T02:00:05.521Z","response_time":101,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api-count","block","c","count","ddos","defense","nginx","nginx-module","pv-uv","real-time","redis","security","timing","web"],"created_at":"2026-06-25T06:01:23.871Z","updated_at":"2026-06-25T06:01:29.285Z","avatar_url":"https://github.com/limithit.png","language":"C","funding_links":[],"categories":["Upstreams, rate limiting and access control"],"sub_categories":[],"readme":"# ngx_dynamic_limit_req_module\n\n## Introduction\n\nThe *ngx_dynamic_limit_req_module* module is used to dynamically lock IP and release it periodically.\n\nTable of Contents\n=================\n* [dynamic_limit_req_zone](#dynamic_limit_req_zone)\n* [dynamic_limit_req_redis](#dynamic_limit_req_redis)\n* [dynamic_limit_req](#dynamic_limit_req)\n* [dynamic_limit_req_log_level](#dynamic_limit_req_log_level)\n* [dynamic_limit_req_status](#dynamic_limit_req_status)\n* [black-and-white-list](#black-and-white-list)\n* [principle](#principle)\n* [Pre-built Packages (Ubuntu / Debian)](#pre-built-packages-ubuntu--debian)\n* [Installation](#Installation)\n* [About](#About)\n* [Donate](#Donate)\n* [Extend](#Extend)\n* [Api-count](#Api-count)\n\n## dynamic_limit_req_zone\nSets parameters for a shared memory zone that will keep states for various keys. In particular, the state stores the current number of excessive requests. The key can contain text, variables, and their combination. Requests with an empty key value are not accounted.\n```\n Syntax:  dynamic_limit_req_zone key zone=name:size rate=rate [sync]  redis=127.0.0.1 block_second=time;\n Default: —\n Context: http\n ```\n## dynamic_limit_req_redis\nSets optional parameters, unix_socket, port, requirepass.\n\nThe socket must be accessible for `nginx`. You first have to change the chmod of the socket to 770 that the redis group can access it, make changes in `/etc/redis/redis.conf`:\n`unixsocketperm 770` `unixsocket /tmp/redis.sock` and then add `nginx` to the redis group `usermod -g redis nginx`\n\n```\n Syntax:  dynamic_limit_req_redis  unix_socket | port=[number] requirepass=[password];\n Default: port 6379\n Context: http\n ```\nexample:\n```\ndynamic_limit_req_zone $binary_remote_addr zone=sms:5m rate=5r/m redis=/tmp/redis.sock block_second=1800;\ndynamic_limit_req zone=sms burst=3 nodelay;\ndynamic_limit_req_redis unix_socket requirepass=comeback;\n```\n`or required for non-standard ports, not required for standard port 6379`\n```\ndynamic_limit_req_zone $binary_remote_addr zone=sms:5m rate=5r/m redis=127.0.0.1 block_second=1800;\ndynamic_limit_req zone=sms burst=3 nodelay;\ndynamic_limit_req_redis port=6378 requirepass=comeback;\n\n```\n\n## dynamic_limit_req\nSets the shared memory zone and the maximum burst size of requests. If the requests rate exceeds the rate configured for a zone, their processing is delayed such that requests are processed at a defined rate. Excessive requests are delayed until their number exceeds the maximum burst size in which case the request is terminated with an error. By default, the maximum burst size is equal to zero.\n```\n Syntax:  dynamic_limit_req zone=name [burst=number] [nodelay | delay=number];\n Default: —\n Context: http, server, location, if\n```\n\n## dynamic_limit_req_log_level\nSets the desired logging level for cases when the server refuses to process requests due to rate exceeding, or delays request processing. Logging level for delays is one point less than for refusals; for example, if “dynamic_limit_req_log_level notice” is specified, delays are logged with the info level.\n```\n Syntax:  dynamic_limit_req_log_level info | notice | warn | error;\n Default: dynamic_limit_req_log_level error;\n Context: http, server, location\n```\n\n## dynamic_limit_req_status\nSets the status code to return in response to rejected requests.\n```\n Syntax:  dynamic_limit_req_status code;\n Default: dynamic_limit_req_status 503;\n Context: http, server, location, if\n```\n\n\n\n## Configuration example：\n```nginx\n\n    worker_processes  2;\n    events {\n        worker_connections  1024;\n    }\n    http {\n        include       mime.types;\n        default_type  application/octet-stream;\n        sendfile        on;\n        keepalive_timeout  65;\n\n   dynamic_limit_req_zone $binary_remote_addr zone=one:10m rate=100r/s redis=127.0.0.1 block_second=300;\n   dynamic_limit_req_zone $binary_remote_addr zone=two:10m rate=50r/s redis=127.0.0.1 block_second=600;\n   dynamic_limit_req_zone $binary_remote_addr zone=sms:5m rate=5r/m redis=127.0.0.1 block_second=1800;\n\n\n        server {\n            listen       80;\n            server_name  localhost;\n            location / {\n\n                if ($http_x_forwarded_for) {\n                 return 400;\n                }\n                root   html;\n                index  index.html index.htm;\n                dynamic_limit_req zone=one burst=100 nodelay;\n                dynamic_limit_req_status 403;\n            }\n            error_page   403 500 502 503 504  /50x.html;\n            location = /50x.html {\n                root   html;\n            }\n        }\n        server {\n            listen       80;\n            server_name  localhost2;\n            location / {\n                root   html;\n                index  index.html index.htm;\n\n                    set $flag 0;\n                   if ($document_uri ~* \"regist\"){\n                      set $flag \"${flag}1\";\n                        }\n                  if ($request_method = POST ) {\n                        set $flag \"${flag}2\";\n                          }\n                      if ($flag = \"012\"){\n                      dynamic_limit_req zone=sms burst=3 nodelay;\n                      dynamic_limit_req_status 403;\n                      }\n\n\n                      if ($document_uri ~* \"getSmsVerifyCode.do\"){\n                      dynamic_limit_req zone=sms burst=5 nodelay;\n                      dynamic_limit_req_status 444;\n                }\n\n                dynamic_limit_req zone=two burst=50 nodelay;\n                dynamic_limit_req_status 403;\n            }\n            error_page   403 502 503 504  /50x.html;\n            location = /50x.html {\n                root   html;\n            }\n        }\n    }\n\n```\n\n## If you use CDN at the source station :\n```nginx\n worker_processes  2;\n    events {\n        worker_connections  1024;\n    }\n    http {\n        include       mime.types;\n        default_type  application/octet-stream;\n        sendfile        on;\n        keepalive_timeout  65;\n\n       ####--with-http_realip_module\n\n       set_real_ip_from 192.168.16.0/24;\n       real_ip_header X-Forwarded-For;\n       real_ip_recursive on;\n\n   #### $http_x_forwarded_for or $binary_remote_addr\n  dynamic_limit_req_zone $http_x_forwarded_for zone=one:10m rate=100r/s redis=127.0.0.1 block_second=300;\n        server {\n            listen       80;\n            server_name  localhost;\n            location / {\n                root   html;\n                index  index.html index.htm;\n                dynamic_limit_req zone=one burst=100 nodelay;\n                dynamic_limit_req_status 403;\n            }\n            error_page   403 500 502 503 504  /50x.html;\n            location = /50x.html {\n                root   html;\n            }\n        }\n\n    }\n```\n\nAbout [ngx_http_realip_module](http://nginx.org/en/docs/http/ngx_http_realip_module.html)\n\n## black-and-white-list\n\n###  White list rules\n ```redis-cli set whiteip ip```\n\n example：\n ```redis-cli set white192.168.1.1 192.168.1.1```\n###  Black list rules\n ```redis-cli set ip ip ```\n\n example：\n ```redis-cli set 192.168.1.2 192.168.1.2```\n\n## Pre-built Packages (Ubuntu / Debian)\n\nPre-built packages for this module are freely available from the GetPageSpeed repository:\n\n```bash\n# Install the repository keyring\nsudo install -d -m 0755 /etc/apt/keyrings\ncurl -fsSL https://extras.getpagespeed.com/deb-archive-keyring.gpg \\\n  | sudo tee /etc/apt/keyrings/getpagespeed.gpg \u003e/dev/null\n\n# Add the repository (Ubuntu example - replace 'ubuntu' and 'jammy' for your distro)\necho \"deb [signed-by=/etc/apt/keyrings/getpagespeed.gpg] https://extras.getpagespeed.com/ubuntu jammy main\" \\\n  | sudo tee /etc/apt/sources.list.d/getpagespeed-extras.list\n\n# Install nginx and the module\nsudo apt-get update\nsudo apt-get install nginx nginx-module-dynamic-limit-req\n```\n\nThe module is automatically enabled after installation. Supported distributions include Debian 12/13 and Ubuntu 20.04/22.04/24.04 (both amd64 and arm64). See [the complete setup instructions](https://apt-nginx-extras.getpagespeed.com/apt-setup/).\n\n## Installation\n\n###  Option #1: Compile Nginx with module bundled\n    cd redis-4.0**version**/deps/hiredis\n    make\n    make install\n    echo /usr/local/lib \u003e\u003e /etc/ld.so.conf\n    ldconfig\n\n    cd nginx-**version**\n    ./configure --add-module=/path/to/this/ngx_dynamic_limit_req_module\n    make\n    make install\n\n\n###  Option #2: Compile dynamic module for Nginx\n\nStarting from NGINX 1.9.11, you can also compile this module as a dynamic module, by using the ```--add-dynamic-module=PATH``` option instead of ```--add-module=PATH``` on the ```./configure``` command line above. And then you can explicitly load the module in your ```nginx.conf``` via the [load_module](http://nginx.org/en/docs/ngx_core_module.html#load_module) directive, for example,\n\n```nginx\n    load_module /path/to/modules/ngx_dynamic_limit_req_module.so;\n```\n## principle\nThe ngx_dynamic_limit_req_module module is used to limit the request processing rate per a defined key, in particular, the processing rate of requests coming from a single IP address. The limitation is done using the “leaky bucket” method.\n\n## About\nThis module is an extension based on [ngx_http_limit_req_module](http://nginx.org/en/docs/http/ngx_http_limit_req_module.html).\n\n## Donate\nThe developers work tirelessly to improve and develop ngx_dynamic_limit_req_module. Many hours have been put in to provide the software as it is today, but this is an extremely time-consuming process with no financial reward. If you enjoy using the software, please consider donating to the devs, so they can spend more time implementing improvements.\n\n ### Alipay:\n![Alipay](https://github.com/limithit/shellcode/blob/master/alipay.png)\n\n## Extend\nThis module can be works with [RedisPushIptables](https://github.com/limithit/RedisPushIptables),  the application layer matches then the network layer to intercept. Although network layer interception will save resources, there are also deficiencies. Assuming that only one specific interface is filtered and no other interfaces are filtered, those that do not need to be filtered will also be inaccessible. Although precise control is not possible at the network layer or the transport layer, it can be precisely controlled at the application layer. Users need to weigh which solution is more suitable for the event at the time.\n\n## Api-count\n### If you want to use the api counting function, please use [limithit-API_alerts](https://github.com/limithit/ngx_dynamic_limit_req_module/tree/limithit-API_alerts). Because not everyone needs this feature, so it doesn't merge into the trunk. Users who do not need this feature can skip this paragraph description.\n\n```\ngit clone https://github.com/limithit/ngx_dynamic_limit_req_module.git\ncd ngx_dynamic_limit_req_module\ngit checkout limithit-API_alerts\n```\n```\nroot@debian:~# redis-cli\n127.0.0.1:6379\u003e SELECT 3\n127.0.0.1:6379[3]\u003e scan 0 match *12/Dec/2018* count 10000\n127.0.0.1:6379[3]\u003e scan 0 match *PV count 10000\n1) \"0\"\n2) 1) \"[13/Dec/2018]PV\"\n   2) \"[12/Dec/2018]PV\"\n127.0.0.1:6379[3]\u003e get [12/Dec/2018]PV\n\"9144\"\n127.0.0.1:6379[3]\u003e get [13/Dec/2018]PV\n\"8066\"\n127.0.0.1:6379[3]\u003e get [13/Dec/2018]UV\n\"214\"\n\n```\n\nThis module is compatible with following nginx releases:\n\nAuthor\nGandalf zhibu1991@gmail.com\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flimithit%2Fngx_dynamic_limit_req_module","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flimithit%2Fngx_dynamic_limit_req_module","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flimithit%2Fngx_dynamic_limit_req_module/lists"}