NGINX Ratelimiting completely doesn't work with Cloudflare Argo

I run a web server and it gets constantly hurled with requests lately by people which brings it to a crawl by PHP trying to process every request. I’ve been trying to use NGINX’s ratelimiting module but I have had no luck on trying to stop the request spamming. Every request to NGINX shows as 172.30.0.1, instead of actually displaying the visitor IP, and it doesn’t try to block the IP at all with ratelimiting. This is extremely annoying since the documentary for Cloudflare Argo says nothing about this either.

I’m running a docker container with PHP, MySQL, PHPMyAdmin, and NGINX.
Here is my NGINX config:

# Nginx configuration
# Comment out all of these if you're not using CF
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2c0f:f248::/32;
set_real_ip_from 2a06:98c0::/29;

#use any of the following two

real_ip_header CF-Connecting-IP;
#real_ip_header X-Forwarded-For;
#Up until here

limit_req_zone  "$http_x_forwarded_for" zone=zone:10m rate=10r/s;

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name localhost;

    index index.php index.html;
    error_log  /var/log/nginx/error.log;
    access_log /var/log/nginx/access.log;
    root /var/www/html/public;

    error_page 404 /404.php;

    set $virtualdir "";
    set $realdir "";

    if ($request_uri ~ ^/([^/]*)/.*$ ) {
        set $virtualdir /$1;
    }

    if (-d "$document_root$virtualdir") {
        set $realdir "${virtualdir}";
    }

    location / {
        limit_req zone=zone burst=5;
        try_files $uri $uri.html $uri/ @extensionless-php;
        index index.html index.htm index.php;
        rewrite ^/(user/(.*?)/videos)/?$ /channel_videos.php?n=$2 last;
        rewrite ^/(user/(.*?)/discussion)/?$ /channel_discussion.php?n=$2 last;
        rewrite ^/(user/(.*?)/feed)/?$ /channel_feed.php?n=$2 last;
        rewrite ^/(user/(.*?)/featured)/?$ /channel.php?n=$2 last;
        rewrite ^/(user/(.*?))/?$ /channel.php?n=$2 last;
        client_max_body_size 100M;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass php:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        client_max_body_size 100M;
    }

    location @extensionless-php {
        rewrite ^(.*)$ $1.php last;
        client_max_body_size 100M;
    }
}

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.