Nginx rate limiting reuse

Our company wants to use nginx rate limit base on http headers. We have this configuration till now:

limit_req_zone $http_CLIENT_KEY zone=newzone:10m rate=1r/m;

server {
    listen 80;

    location / {
        limit_req zone=newzone burst=9 nodelay;
        limit_req_status 429;
        proxy_pass http://127.0.0.1:8080;
    }
}

We want to give permission to every CLIENT-KEY header only 10r/m and block them for 1 minute. This config file works but after 1 minute, based on rate we can just send 1 request every minute and not 10.

Does anyone have any ideas?

Thanks

You are defining a rate limit for 1 request per minute .
Then you have defined a queue (burst) that has 9 spaces for saving incoming requests to be proxied.
because you have set the nodelay parameter , the 9 request will be proxied immediately and you wont get 503 BUT the queue (burst) gets full and it gets emptied based on your rate limit that is 1 request per minute.

Thats why you can send 1 request after the minute has passed!

this config may help you:

http {
  # Define a limit for 10r/m
  limit_req_zone $http_CLIENT_KEY zone=newzone:10m rate=10r/m;


  # Configure the reverse proxy server
  server {
    listen 80;
    server_name example.com;

    # Limit requests to 10 per second
    limit_req zone=newzone burst=5 nodelay;

    # Proxy requests to the backend server
    location / {
      proxy_pass http://127.0.0.1:8080;
    }

    # Ban clients that exceed the limit for one minute
    error_page 503 @ban;
    location @ban {
      add_header Retry-After 60;
      return 503;
    }
  }
}

with this config you can make 1 request every 6 sec without using the queue (burst) , but you can make 15 req if you do it frequently in the minute and then the queue will start to get emptied.

you can use another way to ban an ip for 60 sec when exceeding and allowing the queue to start getting empty.

I hope my answer helped!