Rate limit errors although IP is whitelisted

We are using Discourse in a Docker container. We have rate limits set up with a whitelisted IP. However, we are still getting rate limit errors when making requests from that IP. I’m pretty sure the nginx configuration is correct, here is how it looks:

geo $limit {
    default 1;
    1.1.1.1 0; # not the real IP
}

map $limit $limit_key {
    0 "";
    1 $binary_remote_addr;
}

limit_req_zone $limit_key zone=flood:10m rate=12r/s;
limit_req_zone $limit_key zone=bot:10m rate=200r/m;
limit_req_status 429;
limit_conn_zone $limit_key zone=connperip:10m;
limit_conn_status 429;

...
  location @discourse {
    limit_conn connperip 20;
    limit_req zone=flood burst=12 nodelay;
    limit_req zone=bot burst=100 nodelay;
   ...
  }

nginx is configured to log an error in case a rate limit has been reached and we are indeed seeing some log message - but none from the whitelisted IP. Still we are getting tons of 429 when making requests from the whitelisted IP. The request URLs are user profiles (e.g. /users/foo.json). Is there some kind of rate limit in Discourse itself?

1 Like