I am using the following configuration, but it works like a DDoS.
Once it starts blocking, it blocks forever.
frontend api_gateway
    bind 0.0.0.0:80
    mode http
    option forwardfor
    default_backend nodes

    # Set up stick table to track request rates
    #stick-table type binary len 8 size 1m expire 10s store http_req_rate(10s)
    stick-table type integer size 1m store http_req_rate(10s)

    # Track client by base32+src (Host header + URL path + src IP)
    http-request track-sc0 base32

    # Check map file to get rate limit for path
    http-request set-var(req.rate_limit) path,map_beg(/etc/haproxy/maps/rates.map)

    # Client's request rate is tracked
    http-request set-var(req.request_rate) base32,table_http_req_rate(api_gateway)

    # Subtract the current request rate from the limit
    # If less than zero, set rate_abuse to true
    acl rate_abuse var(req.rate_limit),sub(req.request_rate) lt 0
    #acl rate_abuse var(req.request_rate) gt var(req.rate_limit)

    # Deny if rate abuse
    http-request deny deny_status 429 if rate_abuse
    #use_backend nodes

listen stats
    bind 0.0.0.0:9090
    stats enable
    stats uri /haproxy?stats
    stats realm Strictly\ Private
    stats auth affirmed:affirmed

backend nodes
    mode http
    balance roundrobin
    server echoprgm 10.37.9.30:11001 check

On Sat, Feb 23, 2019 at 12:06 AM Santos Das <[email protected]> wrote:
> Hi All,
>
> I want to use HAProxy to do rate limiting on the front-end URL.
>
> I tried the suggestions mentioned here. But I see that using these, once
> it blocks, it blocks forever. So this is like a DDoS, not rate limiting.
>
> My requirement is that the customer can access the URL /XYZ000/ at 1000
> RPS and /ABC000/ at 2000 RPS. If more than the prescribed
> number of requests are received, then the extra should be rejected. How do we
> achieve this?
>
> I tried the following, but once it blocks, it blocks forever, which is
> like a DDoS. Please help!
>
>
> https://blog.codecentric.de/en/2014/12/haproxy-http-header-rate-limiting/
>
> https://www.haproxy.com/blog/introduction-to-haproxy-maps/
>
>
> Thanks, Santos
>
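
Added example, not part of the original post or of HAProxy: a Python model of the check the configuration comments describe (prefix lookup of the limit, request rate over a 10 s window, deny when limit minus rate is below zero). It assumes constructed map contents and traffic, an exact sliding window in place of HAProxy's rate counter, and that `track-sc0` counts each request before the deny rule evaluates it.

```python
from collections import deque

# Constructed stand-in for /etc/haproxy/maps/rates.map; the post does not show the real file.
RATES_MAP = {"/XYZ000/": 1000, "/ABC000/": 2000}

def map_beg(path, table=RATES_MAP):
    """Prefix lookup in the style of map_beg: limit of the longest key `path` starts with."""
    hits = [key for key in table if path.startswith(key)]
    return table[max(hits, key=len)] if hits else None

def simulate(path, arrivals_ms, window_ms=10_000, count_denied=True):
    """Return one allow/deny decision per arrival time (integer milliseconds).

    count_denied=True models the posted rule order: the request is counted
    first and only then compared with the limit, so rejected requests keep
    the measured rate high. count_denied=False is a hypothetical limiter that
    counts only admitted requests, shown for comparison.
    """
    limit = map_beg(path)
    counted = deque()              # timestamps still inside the sliding window
    decisions = []
    for t in arrivals_ms:
        while counted and counted[0] <= t - window_ms:
            counted.popleft()      # entries older than the window no longer count
        rate = len(counted) + 1    # rate including this request
        # limit - rate < 0 means deny, as in the rate_abuse ACL; no map entry, no limit
        allowed = limit is None or limit - rate >= 0
        if count_denied or allowed:
            counted.append(t)
        decisions.append(allowed)
    return decisions

def demo():
    # Constructed traffic: 200 requests/s for 30 s, then one request after 15 s of silence.
    burst = list(range(0, 30_000, 5))
    arrivals = burst + [45_000]
    posted = simulate("/XYZ000/report", arrivals)
    admitted_only = simulate("/XYZ000/report", arrivals, count_denied=False)
    return {
        "posted_allowed_in_burst": sum(posted[:len(burst)]),
        "posted_allowed_after_pause": posted[-1],
        "admitted_only_allowed_in_burst": sum(admitted_only[:len(burst)]),
    }

if __name__ == "__main__":
    print(demo())
```

In this model the rule order from the post admits only the first 1000 requests of the sustained burst and recovers once the traffic pauses for a full window, while the comparison limiter keeps admitting up to the limit in every window.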