Hello,
I'd like to ask for advice on how to return a custom HTTP error code when a rate
limit rule is triggered. I have sort of followed the configuration described here:
http://blog.haproxy.com/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/
(Limiting the HTTP request rate) with some modifications and the rate limiting
works as required.
I'd like to ask if there is a way to return a 429 error instead of the 403 that is
returned now with the rule http-request deny?
The interesting part of the config file looks like this:
frontend:
    stick-table type ip size 10k expire 30s store gpc0
    # Refuse a new connection from an abuser
    tcp-request connection reject if { sc0_get_gpc0 gt 0 }
    # Return a 403 for requests in an established connection
    http-request deny if { sc0_get_gpc0 gt 0 }

backend:
    stick-table type ip size 10k expire 30s store http_req_rate(10s)
    # Parse X-Forwarded-For header and add source IP to the sticky tables for
    # request rate control
    tcp-request content track-sc0 hdr_ip(X-Forwarded-For,1) table ft_web
    tcp-request content track-sc1 hdr_ip(X-Forwarded-For,1) table bk_web
    # If the source IP sent 50 or more http requests over the defined period flag
    # the IP as an abuser
    acl abuse sc1_http_req_rate gt 50
    acl flag_abuser sc0_inc_gpc0(ft_web) gt 0
    # Return a 403 to the abuser
    http-request deny if abuse flag_abuser
Thanks for your help.
Kind Regards,
Zbynek