Hi,
On Mon, Feb 11, Badari Prasad wrote:
> I want to rate limit based on url
> [/api/v1/monitoring-event/A000001, /api/v1/client1/transfer_data,
> /api/v1/client2/transfer_data ] no matter what the source ip address is.
Something like this might help you. Unfortunately at the moment
I don't have time to create a better example.
acl api_a1 path_beg /a1
acl api_b1 path_beg /b1
acl rate_5 sc0_http_req_rate(test_be) gt 5
acl rate_15 sc0_http_req_rate(test_be) gt 15
# You might want to add acl so you'll only track paths you're
# interested in.
http-request track-sc0 path table test_be
# if you want to track only /a1 /b1 part of path
# you can use for example field converter:
#http-request track-sc0 path,field(1,/,2) table test_be
#http-request set-header X-Rate %[sc0_http_req_rate(test_be)]
http-request deny deny_status 429 if api_a1 rate_5
http-request deny deny_status 403 if api_b1 rate_15
# adjust len and size etc. to your needs
backend test_be
    stick-table type string len 40 size 20 expire 180s store http_req_rate(60s)
-Jarno
> On Mon, Feb 11, 2019 at 7:34 PM Jarno Huuskonen wrote:
>
> > Hi,
> >
> > On Mon, Feb 11, Badari Prasad wrote:
> > > Thank you for the response. I came up with my own haproxy cfg, where I
> > > would want to rate limit based on event name and client id in url.
> > > URL ex : /api/v1/<event_name>/<clientid>
> > >
> > > Have attached a file for my haproxy cfg. But it does not seem to be rate
> > > limiting the incoming requests.
> >
> > > backend st_src_monte
> > > stick-table type string size 1m expire 10s store http_req_rate(10s)
> > > ...
> > >
> > > acl monte_as1_exceeds_limit src_http_req_rate(st_src_as1_monte) gt 990
> > > acl monte_in_limit src_http_req_rate(st_src_as1_monte) lt 1000
> > > http-request track-sc0 src table st_src_as1_monte
> >
> > There's no st_src_as1_monte table in your example config, there's
> > st_src_monte table.
> >
> > > http-request deny deny_status 429 if { path_beg /api/v1/monitoring-event/A000001 AND monte_as1_exceeds_limit }
> >
> > You're tracking connections with src, but the stick table is type string,
> > have you checked from admin socket that the stick table has entries,
> > something like:
> > echo 'show table st_src_monte' | nc -U /var/lib/haproxy/stats
> > (instead of nc -U, socat stdio /var/lib/haproxy/stats should also work).
> >
> > If you want to track src ip, then stick-table type ip or ipv6 is
> > probably better.
> >
> > >> I would want to configure 1000 tps for url /api/v1/client1/transfer_data or
> > >> 500 tps for /api/v1/client2/user_data and so on....
> >
> > Do you mean that only 1000 tps goes to
> > /api/v1/client1/transfer_data (no matter what the source ip addresses
> > are) or each source ip can send 1000 tps to /api/v1/client1/transfer_data ?
--
Jarno Huuskonen
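
The points raised in this thread, put together as one configuration. This is an added example, not a config posted by either participant: it limits each URL as a whole, regardless of source IP. The section names (fe_api, be_api, st_url_rate), the bind and server addresses, the table sizing and the limit for the monitoring-event URL are assumptions; the 1000 and 500 figures are applied here to the URLs from the first message.

```haproxy
# Added example; fe_api, be_api, st_url_rate and all addresses are assumed names.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_api
    bind :8080

    # Exact-match ACLs for the limited URLs. Tracking only these keeps
    # arbitrary request paths from filling the stick table.
    acl url_monitoring path /api/v1/monitoring-event/A000001
    acl url_client1    path /api/v1/client1/transfer_data
    acl url_client2    path /api/v1/client2/transfer_data

    # The key is the request path, not src, so every client hitting the
    # same URL shares one counter. The table type must then be string.
    http-request track-sc0 path table st_url_rate if url_monitoring or url_client1 or url_client2

    # The table named here must be the one track-sc0 writes to; a
    # mismatched name means the ACL reads a counter that is never updated.
    acl over_1000 sc0_http_req_rate(st_url_rate) gt 1000
    acl over_500  sc0_http_req_rate(st_url_rate) gt 500

    # Conditions on one rule are ANDed implicitly; no AND keyword is used.
    http-request deny deny_status 429 if url_client1 over_1000
    http-request deny deny_status 429 if url_client2 over_500
    http-request deny deny_status 429 if url_monitoring over_1000   # assumed limit

    default_backend be_api

backend be_api
    server app1 127.0.0.1:8081

# Table-only backend. len must be at least as long as the longest tracked
# path, since longer keys are truncated. http_req_rate(1s) counts requests
# per one-second period, i.e. requests per second.
backend st_url_rate
    stick-table type string len 64 size 1k expire 10s store http_req_rate(1s)
```

To confirm the table is being populated, the admin socket check quoted above applies with the table name changed to st_url_rate.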