One way to do this is to find it in the logs with a script and then have
that script apply a black hole rule to iptables.  As a matter of course, we
use a similar approach to block rapid failed login attempts on servers with
public-facing ssh.  It works very well.

-Jerry

Jerry Champlin
Absolute Performance Inc.
Phone: 303-565-4401
--
Enabling businesses to deliver critical applications at lower cost and
higher value to their customers.


On Tue, Mar 13, 2012 at 2:57 AM, fred hu <frederick...@gmail.com> wrote:

> Hi, All
>
> We are using haproxy since 2009 for LB.
>
> Recently we encountered some malicious clients sending requests on the same
> URL at an especially high rate (100r/s, lasting for some minutes).
> Is there any possibility to block such a user while still serving the normal
> clients? (Surely we have no idea of the malicious user's IP before (s)he attacks.)
> I read the configuration manual and found we have fe_sess_rate/be_sess_rate
> ACLs. But they seem to apply to all clients.
>
> So, my question here is : Can we find/block a malicious user based on his
> request rate?
>
> Thx!
>
> --
> *Fred Hu*
> *Best Regards*
>
>
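
A sketch of the log-scanning approach Jerry describes, added here as an example and not code from either poster. It assumes HAProxy's `option httplog` line format and generalises "same URL at a high rate" to a sliding window per (client IP, URL); the function names, the threshold and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed httplog layout: haproxy[pid]: ip:port [accept date] ... "METHOD URL VERSION"
LINE_RE = re.compile(
    r'haproxy\[\d+\]: (?P<ip>[0-9a-fA-F.:]+):\d+ '
    r'\[(?P<ts>[^\]]+)\] .* "(?P<method>\S+) (?P<url>\S+)'
)

def find_offenders(lines, max_requests=100, window_s=1.0):
    """Return IPs that sent more than max_requests to one URL within window_s seconds."""
    recent = defaultdict(deque)  # (ip, url) -> request times still inside the window
    offenders = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m["ip"]))
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S.%f")
        except ValueError:
            continue  # never pass an unvalidated log field on to a firewall command
        q = recent[(ip, m["url"])]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) > max_requests and ip not in offenders:
            offenders.append(ip)
    return offenders

def drop_rules(ips):
    """Build one iptables DROP rule per IP as an argv list (no shell interpolation)."""
    return [["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"] for ip in ips]

def sample_log():
    """Constructed log lines: one flooder, one normal client, one bogus address."""
    fmt = ('Mar 13 02:57:{s:02d} lb1 haproxy[1234]: {ip}:40000 '
           '[13/Mar/2012:02:57:{s:02d}.{ms:03d}] www www/srv1 0/0/1/2/3 200 512 '
           '- - ---- 1/1/0/0/0 0/0 "GET {url} HTTP/1.1"')
    flood = [fmt.format(ip="203.0.113.7", s=1, ms=i * 5, url="/search") for i in range(150)]
    normal = [fmt.format(ip="198.51.100.20", s=i, ms=0, url="/search") for i in range(5)]
    bad = [fmt.format(ip="999.1.1.1", s=2, ms=0, url="/search")] * 200
    return flood + normal + bad

if __name__ == "__main__":
    for rule in drop_rules(find_offenders(sample_log())):
        print(" ".join(rule))  # hand to subprocess.run(rule) as root to apply
```

In practice the rules also need an expiry and an allowlist, since a single source address can be a proxy or NAT gateway fronting many legitimate users.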
