Trying to rate limit 404 errors by IP

j3j5 · June 4, 2025, 10:56pm

My issue:
I’m trying to rate limit requests to my server that result on 404 errors because I’ve got some malicious crawlers crashing my database trying to find wordpress endpoints, accesible git repositories and some other typical endpoints which do not exist on my site, but require a db check due to the dynamic nature of my app.

How I encountered the problem:
I’ve tried to follow the documentation in order to add rate limiting into 404 pages but I haven’t been able to make it work. For some reason it seems the rate limiter module does not run for errors. As you can see on the playground snippet below, $limit_req_status doesn’t even get populated. I couldn’t find anything on the docs that would explain this.

Solutions I’ve tried:
https://tech-playground.com/snippet/thankful-scorpion-of-success/

Any help will be greatly appreciated because I’ve been trying to do this for a while already.

alessandro · June 5, 2025, 12:16pm

Heya @j3j5! Can you try removing L30 (return 404)? NGINX doesn’t really read code top to bottom, so when it sees a return statement within any given context, that’s usually (in almost all use cases) what it first does. In this case it returns a 404 no matter what. Instead, what you can do is change limit_req_status 429 to limit_req_status 404 if you wish to return a 404 error to users that exceed the rate limit

Topic		Replies	Views
Windows limit_req not working Troubleshooting web-server	0	42	February 21, 2025
Nginx does not drop connections on bad requests Troubleshooting web-server	2	112	April 28, 2025
Understanding `limit_req` module & documentation "How Do I...?" reverse-proxy , rate-limit	8	195	May 14, 2025
Getting HTTP error 400 with PATCH method Troubleshooting web-server , nginx-open-source	1	16	June 17, 2025
Issue with Directives Troubleshooting web-server	6	98	March 7, 2025

Trying to rate limit 404 errors by IP

Related topics