Do you manage a website? Does it have a login form? Can somebody brute force attack it with every common username/password combination until they find one that works?

For many small web applications, the answer to all of the above is, "yes". This is a security risk and the solution is rate limiting. Rate limiting allows you to slow down the rate of requests and even deny requests beyond a specific threshold. Unfortunately, for most busy web developers, rate limiting is often tossed into a large pile of "things I know I should do, but don't have time for".

Advanced rate limiting apps such as django-ratelimit exist, but if you use Nginx as a reverse proxy to your ...