Nginx Rate Limiting on Ubuntu 24.04

Define zones in http block

http {
    limit_req_zone $binary_remote_addr zone=api:10m     rate=10r/s;
    limit_req_zone $binary_remote_addr zone=login:10m   rate=5r/m;
}

Apply to locations

location /api/ {
    limit_req zone=api burst=20 nodelay;
    limit_req_status 429;
    proxy_pass http://backend;
}
location /login {
    limit_req zone=login burst=3;
    limit_req_status 429;
    proxy_pass http://backend;
}

Custom 429 page

error_page 429 /429.html;
location = /429.html { root /var/www/html; internal; }

Monitor hits

grep '429' /var/log/nginx/access.log | awk '{print $1}' | sort | uniq -c | sort -rn | head -20