What it does
The Rhino VoLTE TAS XCAP server utilizes NGINX as a reverse proxy for handling XCAP requests. By implementing rate limiting within NGINX, the XCAP server gains DDoS protection. The rate limiting is based on the number of requests per second. Configuration for this rate limiting is specified in the mag-nginx-config.yaml file.
This configuration is then applied to the NGINX server via the nginx.conf file. Specifically, the rate limiting rules are enforced for XCAP requests. It’s important to note that this configuration is optional. If rate limiting is not explicitly configured, the NGINX server will not apply any rate limiting to the XCAP requests.
Configuration
The NGINX Rate Limiting section in the mag-nginx-config.yaml file contains the following parameters:
-
nginx-perip-rate-limit - The maximum number of requests per second from a single IP address.
-
nginx-perip-burst-limit - The maximum number of requests that can be made in excess of the rate limit.
-
nginx-server-rate-limit - The maximum number of requests per second from all the clients.
-
nginx-server-burst-limit - The maximum number of requests that can be made in excess of the rate limit.
-
nginx-perip-conn-limit - The maximum number of connections per second from a single IP address.
-
nginx-server-conn-limit - The maximum number of connections per second from all the clients.
The example for mag-nginx-config.yaml shows example configuration relevant to NGINX rate limiting.
Enabling / disbaling / changing Rate limiting
To activate rate limiting, the mag-nginx-config.yaml file must be added. If any parameters are undefined in the yaml file, the default values will be used. To deactivate rate limiting, the mag-nginx-config.yaml file must be removed. For changes to take effect, the updated config must be uploaded using rvtconfig, and the NGINX server or the initconf in the MAG nodes must be restarted by executing the following command:
-
sudo systemctl restart nginxor -
sudo systemctl restart initconf
