Hey Guys,
I'm trying to tarpit based on unique IP and specific URL. I started with the
following:

listen web
    ...
    # Track IP over 60sec, if http_req rate greater than 20 AND page.html, send
    # to new backend with tarpit only.
    stick-table type ip size 1m expire 60s store gpc0,http_req_rate(60s)
    tcp-request connection track-sc1 src
    tcp-request connection reject if { src_get_gpc0 gt 0 }
    acl ratelimiteIP src_http_req_rate ge 20
    acl showPage path_end page.html
    use_backend web-ratelimit if ratelimiteIP showPage

backend web-ratelimit
    mode http
    fullconn 500
    timeout tarpit 5s
    reqitarpit .

The above example works to a degree, but it is not what I was hoping for. I am
only sending to a new backend to easily see results in the stats web page.
The above example tracks all IP requests, and if the URL matches page.html
it blocks it (Example: 100x req to index.html and 1 req to page.html would
trigger). I am hoping to track ONLY IP addresses going to a specific URL,
not all in general.
I then moved onto the following example:

listen web
    ...
    acl showPage path_end page.html
    acl ratelimitIP sc1_get_gpc0 ge 0
    stick-table type binary len 20 size 500 store gpc0
    tcp-request content track-sc1 url32+src if showPage
    use_backend web-ratelimit if ratelimitIP

backend web-ratelimit
    mode http
    fullconn 500
    timeout tarpit 5s
    reqitarpit .

But this doesn't seem to track them correctly.
Does anyone have any pointers or a working config on url32+src? It would be
greatly appreciated.
Thanks
Andrew
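
One way to count requests per URL+source and tarpit only that combination, as an added example that is not part of the original post. It assumes an HAProxy build that supports url32+src and http-request tarpit; the section names, addresses, timeouts and the threshold of 20 are placeholders.

```haproxy
# Added example, not from the original post. Section names, bind/server
# addresses, timeouts and the threshold are placeholders (assumptions).
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend web
    bind :8080
    acl showPage path_end page.html

    # Key = url32 (32-bit URL hash) + src. The key is binary, 8 or 20 bytes
    # depending on the address family, so len 20 holds both IPv4 and IPv6.
    # "expire" ages entries out; http_req_rate(60s) is the per-key request rate.
    stick-table type binary len 20 size 1m expire 60s store http_req_rate(60s)

    # Wait until a complete HTTP request is buffered so url32 and path_end
    # can be evaluated, then track ONLY requests for page.html.
    # Requests for any other URL never create or update a table entry.
    tcp-request inspect-delay 5s
    tcp-request content track-sc1 url32+src if HTTP showPage

    # The counter reads 0 when the request is not tracked, so the threshold
    # has to be above 0; a "ge 0" test matches every request.
    acl ratelimitIP sc1_http_req_rate ge 20
    use_backend web-ratelimit if ratelimitIP
    default_backend web-app

backend web-app
    server app1 127.0.0.1:8081

backend web-ratelimit
    # Kept as a separate backend so tarpitted requests show up on their own
    # line in the stats page, as in the post.
    timeout tarpit 5s
    # Rule form of the post's "reqitarpit ." (tarpit every request here).
    http-request tarpit
```

url32 hashes the Host header and the whole URL including the query string, so requests that differ only in their parameters get separate counters; base32+src keys on Host and path only.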