I have a question regarding NGINX rate limiting.
Is it possible to do rate limiting based on the decoded value of a JWT token? I cannot find any information like this in the docs.
Or even if there is a way of doing rate limiting by creating a pure custom variable (using LuaJIT) which will be assigned a value from my decoded JWT, that will also do the job.
The thing is that the limit_req module seems to execute way before the request reaches the LuaJIT stage, so it's already too late!
A solution will be appreciated.
As you may know, rate limiting is applied per unique IP address; for best results you should use a unique JWT value or token to rate limit.
You can follow any of these 3 methods:
1. You can directly use the JWT token in limit_req_zone.
conf.d/default.conf
2. You can send the decoded JWT value from the frontend in a request header like http_x_jwt_decode_value, and then you can use that in limit_req_zone.
conf.d/default.conf
3. You can decode the JWT token in nginx through the njs JavaScript module, the Perl module or the Lua module, assign it to a variable, and then use that to rate limit.
Description: here I just decoded the JWT value and checked that it's not empty; you can use it to work with any decoded JWT value.
jwt_example.js
nginx.conf
conf.d/default.conf
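
Added example, not part of the original answer: an njs-style `js_set` handler that uses a JWT claim as the `limit_req_zone` key only after the signature verifies, because an unverified or client-supplied decoded value can be changed on every request to land in a fresh bucket. HS256, the shared secret, the `sub` claim and the names `rateKey`, `$jwt_rate_key`, `per_user` and `jwt_ratekey.js` are assumptions.

```javascript
// Added example. nginx side (zone and file names are hypothetical):
//   js_import jwt from jwt_ratekey.js;   # file ends with: export default { rateKey };
//   js_set $jwt_rate_key jwt.rateKey;
//   limit_req_zone $jwt_rate_key zone=per_user:10m rate=5r/s;
const cryptoMod = require('crypto');
const SECRET = 'constructed-demo-secret'; // placeholder; load the real key from config

function b64urlJson(part) {
    return JSON.parse(Buffer.from(part, 'base64url').toString());
}

// Compare without an early exit so timing does not leak the matching prefix.
function sameString(a, b) {
    if (a.length !== b.length) return false;
    let diff = 0;
    for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
    return diff === 0;
}

// Return the "sub" claim only if the HS256 signature verifies, else ''.
function verifiedSub(token, secret) {
    const parts = String(token || '').split('.');
    if (parts.length !== 3) return '';
    try {
        if (b64urlJson(parts[0]).alg !== 'HS256') return ''; // rejects alg "none"
        const expected = cryptoMod.createHmac('sha256', secret)
            .update(parts[0] + '.' + parts[1]).digest('base64url');
        if (!sameString(expected, parts[2])) return '';
        const sub = b64urlJson(parts[1]).sub;
        return typeof sub === 'string' ? sub : '';
    } catch (e) {
        return ''; // malformed base64url or JSON
    }
}

// js_set handler: limit_req_zone does not account requests whose key is empty,
// so unauthenticated or forged tokens fall back to the client address.
function rateKey(r) {
    const auth = r.headersIn['Authorization'] || '';
    const sub = auth.startsWith('Bearer ') ? verifiedSub(auth.slice(7), SECRET) : '';
    return sub ? 'sub:' + sub : 'ip:' + r.remoteAddress;
}

// Constructed demo token so the block can be exercised offline.
function signDemo(payload, secret) {
    const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
    const body = enc({ alg: 'HS256', typ: 'JWT' }) + '.' + enc(payload);
    return body + '.' + cryptoMod.createHmac('sha256', secret).update(body).digest('base64url');
}
```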