nginx/files/_limit.conf - salt-formulas/nginx - Gitiles

 {%- set site = salt['pillar.get']('nginx:server:site:'+site_name) %}

 {%- if site.get('limit', {}).get('enabled', False) %}
 # Create whitelist for ip addresses
 geo $geo_{{ site_name }} {
     default "enforce";
 {%-   for ip in site.limit.get('ip_whitelist', []) %}
     {{ ip }} "whitelist";
 {%-   endfor %}
 }

 # First, map all whitelisted IP's to the request query
 map $geo_{{ site_name }} $limit_{{ site_name }} {
     default {{ site.limit.get('query', '$binary_remote_addr') }};
     "whitelist" "";
 }
 limit_req_zone $limit_{{ site_name }} zone={{ site_name }}:{{ site.limit.get('size', '100m') }} rate={{ site.limit.get('rate', '30r/m') }};

 {%-   for subfilter_name, subfilter in site.limit.get('subfilters', {}).items() %}

 map "${geo_{{ site_name }}}{{ subfilter.get('input', '$limit_{{ site_name }}') }}" $limit_{{ site_name }}_{{ subfilter_name }} {
     default {% if subfilter.get('mode', 'whitelist') == "whitelist" %}"{{ subfilter.get('input', '$limit_{{ site_name }}') }}";{% else %}""{% endif %};
     "~^whitelist" "";  # Allow previously whitelisted results.
 {%-     for match in subfilter.get('items', []) %}
     "{{ match }}" {% if subfilter.get('mode', 'whitelist') == 'whitelist' %}""{% else %}"{{ subfilter.get('input', '$limit_{{ site_name }}') }}"{% endif %};
 {%-     endfor %}
 }
 limit_req_zone $limit_{{ site_name }}_{{ subfilter_name }} zone={{ site_name }}_{{ subfilter_name }}:{{ subfilter.get('size', site.limit.get('size', '100m')) }} rate={{ subfilter.get('rate', site.limit.get('rate', '30r/m')) }};
 {%-   endfor %}

 {%- endif %}
	{%- set site = salt['pillar.get']('nginx:server:site:'+site_name) %}

	{%- if site.get('limit', {}).get('enabled', False) %}
	# Create whitelist for ip addresses
	geo $geo_{{ site_name }} {
	default "enforce";
	{%- for ip in site.limit.get('ip_whitelist', []) %}
	{{ ip }} "whitelist";
	{%- endfor %}
	}

	# First, map all whitelisted IP's to the request query
	map $geo_{{ site_name }} $limit_{{ site_name }} {
	default {{ site.limit.get('query', '$binary_remote_addr') }};
	"whitelist" "";
	}
	limit_req_zone $limit_{{ site_name }} zone={{ site_name }}:{{ site.limit.get('size', '100m') }} rate={{ site.limit.get('rate', '30r/m') }};

	{%- for subfilter_name, subfilter in site.limit.get('subfilters', {}).items() %}

	map "${geo_{{ site_name }}}{{ subfilter.get('input', '$limit_{{ site_name }}') }}" $limit_{{ site_name }}_{{ subfilter_name }} {
	default {% if subfilter.get('mode', 'whitelist') == "whitelist" %}"{{ subfilter.get('input', '$limit_{{ site_name }}') }}";{% else %}""{% endif %};
	"~^whitelist" ""; # Allow previously whitelisted results.
	{%- for match in subfilter.get('items', []) %}
	"{{ match }}" {% if subfilter.get('mode', 'whitelist') == 'whitelist' %}""{% else %}"{{ subfilter.get('input', '$limit_{{ site_name }}') }}"{% endif %};
	{%- endfor %}
	}
	limit_req_zone $limit_{{ site_name }}_{{ subfilter_name }} zone={{ site_name }}_{{ subfilter_name }}:{{ subfilter.get('size', site.limit.get('size', '100m')) }} rate={{ subfilter.get('rate', site.limit.get('rate', '30r/m')) }};
	{%- endfor %}

	{%- endif %}