Scenario

Your Nginx web server has recently experienced performance issues caused by excessive traffic from a few aggressive clients. You've decided to enable rate limiting based on the recent traffic pattern. To determine the proper limit, you first need to analyze request frequency.

Task

Find the top 3 client IPs by number of requests from /var/log/nginx/access.log, calculate the rate limit using the formula (sum of top 3 IP request counts / 3) * 0.8, write this value into /etc/nginx/nginx.conf as limit_req_zone $binary_remote_addr zone=app_limit:10m rate=<rate_limit>r/s;, and verify the configuration with nginx -t.

Example

# Before (no rate limiting configured)

Access log contains thousands of requests from various IPs
No rate limit configured in nginx.conf
Need to analyze traffic and set appropriate limit

# After (rate limit calculated and configured)

Top 3 IPs analyzed: 4523, 3891, 3456 requests
Rate limit calculated: 7896 r/s
Configuration updated and validated successfully
nginx -t: syntax ok, test successful

Step 1: Extract IP addresses from the access log and count requests per IP, then save the top 3 IPs to a temporary file

awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -rn | head -n 3 > /tmp/top_ips.txt
cat /tmp/top_ips.txt

This command does several things:

• awk '{print $1}' extracts the first field (IP addresses) from each log line
• sort arranges the IP addresses so identical ones are grouped together
• uniq -c counts how many times each unique IP appears
• sort -rn sorts by count in reverse order (highest first)
• head -n 3 takes only the top 3 results
• > /tmp/top_ips.txt saves the output to a file

Step 2: Extract just the count numbers from the top 3 IPs

awk '{print $1}' /tmp/top_ips.txt > /tmp/counts.txt
cat /tmp/counts.txt

Step 3: Calculate the total sum of these counts

SUM=$(awk '{sum+=$1} END {print sum}' /tmp/counts.txt)
echo $SUM

Step 4: Calculate the rate limit (80% of the average requests per IP)

RATE_LIMIT=$(echo "$SUM / 3 * 0.8 / 1" | bc)
echo $RATE_LIMIT

Step 5: Create the rate limiting configuration file using a text editor

nano /etc/nginx/nginx.conf

Add the following content (replace 306 with your calculated value from Step 4):

events {}

http {
    # Define the rate limit zone in the http block
    limit_req_zone $binary_remote_addr zone=api_limit:10m rate=306r/m;

    server {
        location /api/ {
            limit_req zone=api_limit burst=5;
        }
    }
}

Save and exit (Ctrl+O, Enter, Ctrl+X in nano).

Step 6: Verify the configuration

nginx -t
cat /etc/nginx/nginx.conf