# NGINX Rate Limiting

```
# 1 request a second, using the site hostname instead of an IP (so it's 1r/s no matter the IP)
limit_req_zone "$http_host" zone=app_name:10m rate=1r/s;
 
# 5 requests a minute, per IP
limit_req_zone "$http_cf_connecting_ip" zone=app_name:10m rate=5r/m;
 
# "10m" = 10MB. Configures how large the rambuffer should be for storing requests.
 
# Use the correct status code for ratelimits
limit_conn_status 429;
limit_req_status 429;
 
server {
    # ...
 
    location ^~ /app {
        # Use the app_name zone
        limit_req zone=app_name;
 
        # Allow bursts
        limit_req zone=app_name burst=5;
    }
 
    # Custom error page if the req is being rate limited
    error_page 429 /ratelimit.html;
 
    # ...
}
```