вс, 7 июн. 2020 г. в 19:59, Stefano Tranquillini <[email protected]>:
> Hello all, > > I'm moving to HA using it to replace NGINX and I've a question regarding > how to do a Rate Limiting in HA that enables queuing the requests instead > of closing them. > > I was able to limit per IP following those examples: > https://www.haproxy.com/blog/four-examples-of-haproxy-rate-limiting/ . > However, when the limit is reached, the users see the error and connection > is closed. > > Since I come from NGINX, it has this handy feature > https://www.nginx.com/blog/rate-limiting-nginx/ where connections that > exceed the threshold are queued. Thus the user will still be able to do the > calls but be delayed without him getting errors and keep the overall number > of requests within threshold. > > Is there anything similar in HA? It should limit/queueing the user by IP. > > To explain with an example, we have two users Alice, with ip A.A.A.A and > Bob with ip B.B.B.B The threshold is 30r/minute. > > So in 1 minute: > > - Alice does 20 requests. -> that's fine > - Bob does 60 requests. -> the system caps the requset to 30 and then > process the other 30 later on (maybe also adding timeout/delay) > - Alice does 50 request -> the first 40 are fine, the next 10 are > queued. > - Bob does 20 requests -> they are queue after the one above. > > I saw that it can be done in general, by limiting the connections per > host. But this will mean that it's cross IP and thus, if 500 is the limit > - Alice does 1 call > - Bob does 1000 calls > - Alice does another 1 call > - Alice will be queued, that's not what i would like to have. > > is this possible? Is there anything similar that can be done? > it is not cross IP. I wish nginx docs would be better on that. first, in nginx terms it is limited by zone key. you can define key using for example $binary_remote_addr$http_user_agent$ssl_client_ciphers that means each unique combination of those parameters will be limited by its own counter (or you can use nginx maps to construct such a zone key) in haproxy you can see and example of # Track client by base32+src (Host header + URL path + src IP) http-request track-sc0 base32+src which also means key definition may be as flexible as you can imagine. > > Thanks > > > -- > *Stefano* > >
