Greetings,
On 2/23/2019 3:06 AM, Santos Das wrote:
Hi,
I have a requirement where I need to allow only certain request rate
for a given URL.
Say /login can be accessed at the rate of 10 RPS. If I get 100 RPS,
then 10 should be allowed and 90 should be denied.
There are a couple of ways to do that; the easiest method is blocking
before the track (so that a blocked request doesn't count against the
limit). Given that in this example you are already using the table_
fetches instead of the sc_ fetches you could just move both http-request
set-var lines, the acl line, and the http-request deny line so it is
above the http-request track-sc0 line.
Thanks,
- Chad
Any help on how this can be achieved ?
*I tried to use the sticky table, but once it blocks it blocks for
ever. Please advise.*
frontend api_gateway
    bind 0.0.0.0:80
    mode http
    option forwardfor
    default_backend nodes
    # Set up stick table to track request rates
    stick-table type binary len 8 size 1m expire 10s store http_req_rate(10s)
    # Track client by base32+src (Host header + URL path + src IP)
    http-request track-sc0 base32+src
    # Check map file to get rate limit for path
    http-request set-var(req.rate_limit) path,map_beg(/etc/hapee-1.8/maps/rates.map)
    # Client's request rate is tracked
    http-request set-var(req.request_rate) base32+src,table_http_req_rate(api_gateway)
    # Subtract the current request rate from the limit
    # If less than zero, set rate_abuse to true
    acl rate_abuse var(req.rate_limit),sub(req.request_rate) lt 0
    # Deny if rate abuse
    http-request deny deny_status 429 if rate_abuse
backend nodes
    mode http
    balance roundrobin
    server echoprgm 10.37.9.30:11001 check
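
The reordering described in the reply, written out as an added example that is not part of the original messages: the directives are the ones from the posted configuration, and only their order changes so that the deny rule is evaluated before track-sc0. The sample map entry shown in a comment is constructed.

```haproxy
frontend api_gateway
    bind 0.0.0.0:80
    mode http
    option forwardfor
    default_backend nodes

    # Counter storage, unchanged from the posted configuration
    stick-table type binary len 8 size 1m expire 10s store http_req_rate(10s)

    # Look up the limit for this path.
    # Constructed sample map entry (not from the post):  /login 10
    # The value is compared with http_req_rate(10s), i.e. requests per 10 seconds.
    http-request set-var(req.rate_limit) path,map_beg(/etc/hapee-1.8/maps/rates.map)

    # Read the current rate straight from the table by key; the table_
    # lookup does not require the request to have been tracked first.
    http-request set-var(req.request_rate) base32+src,table_http_req_rate(api_gateway)

    # limit - current rate < 0  =>  over the limit
    acl rate_abuse var(req.rate_limit),sub(req.request_rate) lt 0

    # Deny first: rule evaluation stops here for a rejected request,
    # so it never reaches track-sc0 and is not added to the counter.
    http-request deny deny_status 429 if rate_abuse

    # Only requests that were allowed through are counted
    http-request track-sc0 base32+src

backend nodes
    mode http
    balance roundrobin
    server echoprgm 10.37.9.30:11001 check
```

With the original order every request, including each 429, was counted, so a client that kept retrying held its own rate above the limit; with this order the counter reflects accepted requests only and falls back under the limit as the 10-second window moves on.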