We can do lower-level, coarser rate-limiting using one or both of:
[nginx's limit_req module][http://wiki.nginx.org/HttpLimitReqModule], which limits the number of requests per client group (defined by any nginx variable) to a given average requests-per-second, with a little wiggle room for bursts. Simple to configure and can be set by location as well, though the lack of overlapping location blocks in nginx makes that a bit less awesome.
Built-in functionality in iptables, which will do this at the network level. Not too familiar, though.
We can do lower-level, coarser rate-limiting using one or both of: