Rate limit nginx routes that verify the password

Also remove rate-limit middleware Test using something like: ab -v 1 -n 1000 -c 10 -s 5 -m POST https://my.<doamain>/api/v1/developer/login Part of #187
2017-03-26 23:27:34 -07:00
parent 64cb951206
commit 18e59c4754
5 changed files with 11 additions and 16 deletions
@@ -33,6 +33,9 @@ http {
    # keep-alive connections timeout in 65s. this is because many browsers timeout in 60 seconds
    keepalive_timeout  65s;

+    # zones for rate limiting
+    limit_req_zone $binary_remote_addr zone=admin_login:10m rate=1r/s; # 1 request a second
+
    # HTTP server
    server {
        listen      80;