Haproxy 1.5 has src_conn_rate which can be used for that. I personally haven't used it. I just remember reading about it.
Vivek

On Tue, Mar 13, 2012 at 8:30 AM, Jerry Champlin <[email protected]> wrote:

> One way to do this is to find it in the logs with a script and then have
> that script apply a black hole rule to iptables. As a matter of course, we
> use a similar approach to block rapid failed login attempts on servers with
> public facing ssh. It works very well.
>
> -Jerry
>
> Jerry Champlin
> Absolute Performance Inc.
> Phone: 303-565-4401
> --
> Enabling businesses to deliver critical applications at lower cost and
> higher value to their customers.
>
> On Tue, Mar 13, 2012 at 2:57 AM, fred hu <[email protected]> wrote:
>
>> Hi, All
>>
>> We are using haproxy since 2009 for LB.
>>
>> Recently we encountered some malicious clients sending requests on the same
>> URL at an especially high rate (100r/s and lasting for some minutes).
>> Is there any possibility to block such a user while still serving the normal
>> clients? (Surely we have no idea of the malicious user's IP before (s)he attacks.)
>> I read the configuration manual and found we have
>> fe_sess_rate/be_sess_rate ACLs. But it seems they are for all clients.
>>
>> So, my question here is: Can we find/block a malicious user based on his
>> request rate?
>>
>> Thx!
>>
>> --
>> *Fred Hu*
>> *Best Regards*
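A sketch of the log-scanning approach Jerry describes, added here as an example and not code from anyone in the thread: it reads HAProxy HTTP log lines, flags any source that requests one URL 100 or more times within a second (the rate Fred reports), and renders iptables DROP rules without executing them. The function names, the IPv4-only pattern and the sample log lines are assumptions made for this illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Client address, accept timestamp and request URL from an HAProxy HTTP log line.
LINE_RE = re.compile(r'haproxy\[\d+\]: (?P<ip>[\d.]+):\d+ \[(?P<ts>[^\]]+)\] '
                     r'[^"]*"[A-Z]+ (?P<url>\S+)')

def parse(line):
    """Return (ip, url, timestamp), or None for lines that do not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    try:
        ip = str(ipaddress.ip_address(m.group("ip")))  # validate before it reaches a rule
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S.%f")
    except ValueError:
        return None
    return ip, m.group("url"), ts

def find_offenders(lines, max_hits=100, window_s=1.0):
    """Source IPs that requested one URL max_hits or more times within window_s seconds."""
    recent = defaultdict(deque)   # (ip, url) -> timestamps still inside the window
    offenders = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, url, ts = rec
        q = recent[(ip, url)]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= max_hits and ip not in offenders:
            offenders.append(ip)
    return offenders

def drop_rules(ips):
    """Render (not execute) one iptables black-hole rule per offender."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]

def sample_log():
    """Constructed log: one client at 200 req/s on /search, one normal client."""
    fmt = ('Mar 13 02:57:0{s} lb1 haproxy[1234]: {ip}:51000 [13/Mar/2012:02:57:0{s}.{ms:03d}] '
           'www app/srv1 0/0/0/2/2 200 512 - - ---- 3/3/1/1/0 0/0 "GET {url} HTTP/1.1"')
    fast = [fmt.format(s=1, ip="203.0.113.7", ms=i * 5, url="/search") for i in range(120)]
    slow = [fmt.format(s=s, ip="198.51.100.20", ms=0, url="/search") for s in range(1, 6)]
    return fast + slow

if __name__ == "__main__":
    print("\n".join(drop_rules(find_offenders(sample_log()))))
```

Keying the window on (source, URL) keeps a client that spreads ordinary traffic over many pages below the threshold, and the source address is re-validated before it is placed in a firewall command because log content is attacker-influenced.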

