Re: Haproxy rate limit per matching request

Wed, 23 Oct 2013 10:50:03 -0700 

Hi Baptiste,

Thank you for your pieces of advice. I've tried to write such a config, 
however, it does not seem to work - can you tell me what I'm missing or what am 
I doing wrong?

defaults
        mode http
        contimeout 5000
        clitimeout 50000
        srvtimeout 50000


listen app 192.168.9.130:80
        mode http
        tcp-request connection accept if { src -f /etc/haproxy/whitelist.lst }  
# Just a simple whitelist 
#create a stick table, string type, store number of requests
        stick-table type string len 40 size 200k expire 3m
#store url parameter called id
        stick store-request urlp(SID,?)         # stick on urlp(SID) 
#track counter on url parameter id
        tcp-request content track-sc0 urlp(SID,?)
#deny if the number of request for the tracked id is greater than X
        tcp-request connection reject if { sc0_http_req_cnt gt 2 }
        default_backend web_servers

backend web_servers
        balance roundrobin
        server web01 192.168.9.128:80 check inter 1000
        server web02 192.168.9.129:80 check inter 1000

-- 

e-mail: [email protected]

TouK sp. z o.o. s.k.a.
02-389 Warszawa, al. Bohaterów Września 9
http://touk.pl

Wiadomość napisana przez Baptiste w dniu 18 paź 2013, o godz. 14:40:

> Hi Przemyslaw,
> 
> You can do this:
> create a stick table, string type, store number of requests
> store url parameter called id
> track counter on url parameter id
> deny if the number of request for the tracked id is greater than X
> 
> Baptiste
> 
> 
> On Fri, Oct 18, 2013 at 11:02 AM, Przemysław Hejman <[email protected]> wrote:
>> Hello everyone,
>> 
>> 
>> Is there any possibility for HAProxy to perform a rate limit per repeating
>> request? Consider following situation:
>> Assume that you have requests like:
>> 
>> GET  /file&id=123%someotherstuff
>> GET  /file&id=476%someotherstuff
>> GET  /file&id=111%someotherstuff
>> GET  /file&id=111%someotherstuff
>> GET  /file&id=111%someotherstuff
>> GET  /file&id=476%someotherstuff
>> 
>> What I want to do is to block the next request containing "id=111".  Lets
>> say that I want to allow only 3  exactly same requests matching [0-9]{3}.
>> 
>> Is there any possibility to configure a stick table to work like in this
>> example?  If no, do you know any other mechanisms to perform such an action?
>> 
>> Bes
>> --
>> 
>> e-mail: [email protected]
>> 
>> TouK sp. z o.o. s.k.a.
>> 02-389 Warszawa, al. Bohaterów Września 9
>> http://touk.pl
>> 
>

Reply via email to