> On Jun 22, 2019, at 10:49 AM, Eric Friedrich <eric.friedric...@gmail.com>
> wrote:
>
> You might also want to consider using a hook earlier than
> TS_HTTP_SEND_REQUEST_HDR_HOOK like POST_REMAP_HOOK.
>
> IIRC, the connection to the origin is already established by the time the
> SEND_REQUEST_HDR_HOOK executes.
+1. The sooner you can “deny” a request, the better. Do it as early as possible
IMO.
— Leif
>
> --Eric
>
> On Fri, Jun 21, 2019 at 11:11 PM Dk Jack <dnj0...@gmail.com> wrote:
>
>> Uhm! why async timers? You'd want to implement a leaky/token bucket per
>> site. Check out...
>>
>> https://github.com/rigtorp/TokenBucket
>>
>> It's single header file lock free implementation for token bucket and it
>> works very well...
>>
>>
>> On Fri, Jun 21, 2019 at 7:38 PM Weixi Li (BLOOMBERG/ PRINCETON) <
>> wli...@bloomberg.net> wrote:
>>
>>> What a great community! So many good tips in such a short time!
>>>
>>> Especially the atscppai, I would've never noticed it. the async examples
>>> look very promising.
>>>
>>> It looks like the following might be necessary (let me know if I'm
>> wrong):
>>> * A hook to TS_HTTP_SEND_REQUEST_HDR_HOOK
>>> * A map of queues (one queue per rate-limited site)
>>> * A map of async timers (one timer per queue)
>>>
>>> I will study the ATS code more to understand the event and threading
>> model
>>> better.
>>>
>>> Thank you all.
>>>
>>> From: dev@trafficserver.apache.org At: 06/21/19 19:52:44To:
>>> dev@trafficserver.apache.org
>>> Subject: Re: Implementing Rate-limiting in forward proxy mode
>>>
>>> I have implemented rate-limit in my plugin using atscppapi. We are using
>>> ats in
>>> security context for mitigation. If the request matches certain criteria
>>> (ip,
>>> method, host, uri and header values) then we apply rate-limit to that ip.
>>>
>>> Dk.
>>>
>>>> On Jun 21, 2019, at 3:15 PM, Leif Hedstrom <zw...@apache.org> wrote:
>>>>
>>>>
>>>>
>>>>> On Jun 21, 2019, at 16:09, Weixi Li (BLOOMBERG/ PRINCETON)
>>> <wli...@bloomberg.net> wrote:
>>>>>
>>>>> Hi team,
>>>>>
>>>>> We are experimenting with ATS in *forward* proxy mode. Our use-case
>>> requires
>>> a rate-limiting component that enforces rules based on the destination.
>>>>>
>>>>> For example:
>>>>>
>>>>> For all incoming requests targeting "www.cnn.com", we want to limit
>>> the
>>> outgoing rate to be 10 requests per minute; for "www.reddit.com", we
>> want
>>> the
>>> rate to be 20 requests per minute; and so on. If there were more requests
>>> than
>>> the limit specified, the requests must be queued before they could go
>> out.
>>>>
>>>> Seems very straight forward to implement as a plugin. For example the
>>> geo_acl
>>> plugin might be a good start, since it limits access based on source IP.
>>>>
>>>> Would be interesting to hear more about your use case too, it’s always
>>> exciting to hear about different solutions that people use ATS for. Maybe
>>> at
>>> the next ATS summit? :-)
>>>>
>>>> Cheers,
>>>>
>>>> — Leif
>>>>>
>>>>> Is it possible to implement this requirement using a plugin?
>>>>>
>>>>> If not, we wouldn't mind forking the code and modifying whichever
>> parts
>>> that
>>> would be necessary. But which are the potentially relevant components?
>>>>>
>>>>> If any experts could give us some pointers on the design, that would
>> be
>>> really appreciated.
>>>>>
>>>>> Thanks,
>>>>> Weixi
>>>>
>>>
>>>
>>>
>>
