NGINX rate limiting

jasonwch · December 23, 2025, 7:21am

main config:

limit_req_zone $binary_remote_addr zone=mylimit:10m rate=5r/s;

Template:
limit_req zone=mylimit burst=10 nodelay

I am studying on this.

As checked with nginx -V, HestisCP NGINX is built “–with-http_realip_module“

Which means this variable → $binary_remote_addr should be set correctly? instead of needed to use $real_ip_header?

ref: https://serverfault.com/questions/487463/nginx-rate-limiting-with-x-forwarded-for-header

sahsanu · December 25, 2025, 4:11am

You should keep using $binary_remote_addr. This variable will contain the correct client IP, regardless of whether the client connects directly or through Cloudflare (for Cloudflare, Hestia configures Nginx to get the real client IP using the realip module).

system · January 24, 2026, 4:12am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.