Greetings,
On 08/30/2016 05:12 PM, Chad Lavoie wrote:
Greetings,
On 08/30/2016 12:30 PM, Sam kumar wrote:
Hello Sir,
I am trying to implement rate limiting using HA proxy for my HTTP
restful services.
My requirement is to go implement below two scenario
1.URL based : Every API urls will have different throttle limit
To have limits that differ for different URL's I'd use a list of ACL's
that look like the following:
http-request deny if { sc_http_req_rate(0) gt 10 } { path /api/call1 }
http-request deny if { sc_http_req_rate(0) gt 20 } { path /api/call2 }
I didn't directly mention, but if you use the same stick table and
authorization token the limits will be additive (so that 10 requests to
one and 5 to another mean all will be checked with a limit of 15).
If you don't want this and don't have an excessive number of unique ones
I'd advise making a stick table for each.
If you do have an excessive number of them you may be better trying to
track by src+url with the base32+src match instead or making a converter
in LUA to combine the api and token.
- Chad
In addition to path you can use path_beg to match against the
beginning of the path, you can also use url_param
(https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#7.3.6-url_param)
and other fetch methods depending on your requirements.
2. Authorization header : Every client has unique authorization token
so using this I can have a throttle limit for each client.
For this you will want a stick table which stores a string
(https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4-stick-table):
backend track_api_token
stick-table type string len 32 size 1024 store http_req_rate(10s)
Then in your frontend:
http-request track-sc0 hdr(X-Authorization) table track_api_token
From there you can limit using the above rules.
Thanks,
- Chad
I was trying to get help from various other blogs but could not find
much on this.
Please provide some examples or sample code for the same so that I
can achieve this functionality
Thanks
Sam