Wow! Thanks a lot for this information, it`s very useful.
From documentation "tarpit" returns 500 when timeout is reached. Is it possible to change response code? 500 it`s not the best code for timeout :)
Thanks again
12.08.2014, 14:18, "Thierry FOURNIER" <[email protected]>:
On Tue, 12 Aug 2014 13:29:45 +0400
Den Bozhok <[email protected]> wrote:
Well, now I know how to count connections by user`s header:
stick-table type string size 32m expire 1m store conn_cur
tcp-request content track-sc0 hdr(X-User-Id)
acl limit_x_user_id sc0_conn_cur gt 500
so acl is created, but I`m only know how to drop connection if it already reached his maximum, but is it possible to push connection to the queue and pull it when limit is passed?
Hello,
For information, you can also store the connection rate in the stick
table like this:
stick-table type string size 32m expire 1m store http_req_rate(1s)
tcp-request content track-sc0 hdr(X-User-Id)
acl limit_x_user_id sc0_http_req_rate gt 1 # limit to one request per second / per user
The acl to drop the connection is:
http-request <KEYWORD> if { limit_x_user_id }
KEYWORD can be:
"tarpit" if you want to slow down this user
"redirect" if you want to redirect the user to an information page
You can also use "block if { limit_x_user_id }" to send a 403 to the user.
Thierry12.08.2014, 11:44, "Ricardo Fraile" <[email protected]>:
Hello,
I'm interested on it too.
Thanks,
