On Fri, 11 May 2018 8:01 pm Mihir Shirali <[email protected]> wrote:
> Thanks Aleksandar for the help! > I did look up some examples for setting 503 - but all of them (as you've > indicated) seem based on src ip or src header. I'm guessing this is more > suitable for a DOS/DDOS attack? In our deployment, the likelihood of > getting one request from multiple clients is more than multiple requests > from a single client. > As an update the rate-limit directive has helped. However, the only > problem is that the client does not know that the server is busy and > *could* time out. It would be great if it were possible to somehow send a > 503 out , so the clients could retry after a random time. > Or even better 429.
