1 files changed, 8 insertions, 0 deletions

diff --git a/profiles/reverse-proxy.nix b/profiles/reverse-proxy.nix
index dd98ff2..f136ba0 100644
--- a/profiles/reverse-proxy.nix
+++ b/profiles/reverse-proxy.nix
@@ -41,6 +41,14 @@ in
     recommendedGzipSettings = true;
     recommendedOptimisation = true;
     recommendedTlsSettings = true;
+    commonHttpConfig = ''
+      # limit clients doing too many requests
+      # can be tested with ab -n 20 -c 10 <host>
+      limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=10r/s;
+
+      # limit clients opening too many connections
+      limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
+    '';
     virtualHosts = {
       "code.fcuny.net" = {
         enableACME = true;