Hello, I'm investigating an issue on specific rules for a customer. The rules are the following:

    stick-table type ipv6 size 60000 expire 1h store conn_cur,conn_rate(10s)
    http-request deny deny_status 429 if { src_conn_cur ge 100 }
    http-request deny deny_status 429 if { src_conn_rate ge 600 }

The expected behaviour is to throw an error if a single IP has more than 100 connections or if it tries to open more than 600 connections in 10s. So first, can you confirm the rules are written correctly? :)

If so, the issue here is that the customer is reporting having 429 errors himself. He was able to troubleshoot these errors to a specific page on his website, with hundreds of images loaded simultaneously. The connection is performed with HTTP/2.

In my mind, src_conn_cur and src_conn_rate are incremented only when a new TCP connection is triggered on the frontend. But maybe I don't understand it correctly and the hundreds of simultaneous streams in a single HTTP/2 connection trigger the limit?

Any hint would help to understand what's happening here. It's difficult as I don't have direct access to the rules or the website of course :)

Olivier
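The following is an added simulation, not part of the original post and not HAProxy code, that models the two hypotheses in the question. It assumes (as I read the HAProxy documentation) that conn_cur and conn_rate in a stick-table only move when a track-sc rule begins tracking the source, and that the quoted snippet is paired with such a rule elsewhere: a `tcp-request connection track-sc0 src` rule starts tracking once per TCP connection, while an `http-request track-sc0 src` rule starts tracking once per request, which with HTTP/2 means once per stream. The model also assumes a denied request ends its stream, so its tracking stops. The client address, the 300 parallel image streams and the 2-second page load are constructed sample input.

```python
from collections import deque
from dataclasses import dataclass, field

# Values taken from the rules in the post.
RATE_PERIOD = 10.0      # conn_rate(10s)
CONN_CUR_LIMIT = 100    # src_conn_cur ge 100
CONN_RATE_LIMIT = 600   # src_conn_rate ge 600


@dataclass
class Entry:
    """One stick-table entry keyed by source address (constructed model)."""
    conn_cur: int = 0
    opened: deque = field(default_factory=deque)  # timestamps of tracking starts

    def conn_rate(self, now):
        """Number of tracking starts inside the last RATE_PERIOD seconds."""
        while self.opened and now - self.opened[0] >= RATE_PERIOD:
            self.opened.popleft()
        return len(self.opened)


class StickTable:
    def __init__(self):
        self.entries = {}

    def track(self, src, now):
        """A track-sc rule begins tracking: conn_cur and the rate counter move."""
        entry = self.entries.setdefault(src, Entry())
        entry.conn_cur += 1
        entry.opened.append(now)
        return entry

    def untrack(self, src):
        """Tracking stops (stream/connection ends): conn_cur goes back down."""
        self.entries[src].conn_cur -= 1


def evaluate_rules(entry, now):
    """Apply the two http-request deny rules; return 429 on a match, else None."""
    if entry.conn_cur >= CONN_CUR_LIMIT:
        return 429
    if entry.conn_rate(now) >= CONN_RATE_LIMIT:
        return 429
    return None


def simulate(track_level, streams=300, duration=2.0):
    """One client IP opens a single HTTP/2 connection and fetches `streams`
    images in parallel, spread over `duration` seconds.

    track_level is 'connection' (tracking starts once per TCP connection, as
    with tcp-request connection track-sc0) or 'request' (tracking starts once
    per request, i.e. per H2 stream, as with http-request track-sc0).
    Returns (number of 429 responses, peak conn_cur observed).
    """
    table = StickTable()
    src = "2001:db8::1"  # constructed client address
    denied = 0
    peak = 0
    entry = None
    if track_level == "connection":
        entry = table.track(src, 0.0)
    for i in range(streams):
        now = duration * i / streams
        if track_level == "request":
            entry = table.track(src, now)
        peak = max(peak, entry.conn_cur)
        if evaluate_rules(entry, now) == 429:
            denied += 1
            if track_level == "request":
                table.untrack(src)  # denied stream ends, its tracking stops
        # Accepted streams stay open: the images are loading concurrently.
    return denied, peak


if __name__ == "__main__":
    for level in ("connection", "request"):
        denied, peak = simulate(level)
        print(f"{level:10s} tracking: {denied} x 429, peak conn_cur={peak}")
```

With connection-level tracking the single HTTP/2 connection never gets near either limit; with request-level tracking, conn_cur climbs by one per in-flight stream, reaches 100 on the hundredth image and every further image on the page is answered with 429, even though only one TCP connection exists. conn_rate never fires in either case because 300 tracking starts in 2 seconds stay below 600 per 10 seconds. Checking which track-sc rule the customer uses, and at which layer, is therefore the first thing to verify.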