NGINX Rate Limiting

# 1 request a second, using the site hostname instead of an IP (so it's 1r/s no matter the IP)
limit_req_zone "$http_host" zone=app_name:10m rate=1r/s;
# 5 requests a minute, per IP
limit_req_zone "$http_cf_connecting_ip" zone=app_name:10m rate=5r/m;
# "10m" = 10MB. Configures how large the rambuffer should be for storing requests.
# Use the correct status code for ratelimits
limit_conn_status 429;
limit_req_status 429;
server {
    # ...
    location ^~ /app {
        # Use the app_name zone
        limit_req zone=app_name;
        # Allow bursts
        limit_req zone=app_name burst=5;
    # Custom error page if the req is being rate limited
    error_page 429 /ratelimit.html;
    # ...