On 3/1/22 at 22:00, Henning Svane wrote:
> http-request track-sc0 src table table_login_limiter if { url_beg /login } { status 401 }
> http-request tarpit deny_status 429 if { sc_http_req_rate(0) gt 10 } { url_beg /login }

Hi,
You cannot match on the response status in a request rule. At this stage, the
response is not received yet. So, you should rely on an http-response rule
instead. But, at this stage, url_beg is no longer available because the request
was already sent. You must use capture.req.uri instead.
In addition, because the tracking will be performed during the response
evaluation, you must use the table_http_req_rate() converter to look up in your
stick-table. (Note that in your tarpit rule, you must explicitly specify the
table name.)
You can try the following rules:

http-request tarpit deny_status 429 if { src,table_http_req_rate(table_login_limiter) gt 10 } { url_beg /login }
http-response track-sc0 src table table_login_limiter if { capture.req.uri -m beg /login } { status 401 }

You can also match on the url in an http-request rule to set a variable and use
it in the http-response rule.
Regards,
--
Christopher Faulet
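
The variable-based alternative mentioned at the end of the reply, written out as an added example that is not part of the original message. The names fe_web and be_app, the bind and server addresses, the timeouts, the variable name txn.is_login and the stick-table definition (10-minute rate period, size, expiry) are assumptions; only table_login_limiter and the threshold of 10 come from the thread.

```haproxy
# Added example, not from the thread. Placeholder names and values are marked.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s
    timeout tarpit  10s          # how long a tarpitted client is held (assumed value)

# Dummy backend that only hosts the table (definition assumed, not in the thread).
backend table_login_limiter
    stick-table type ip size 100k expire 10m store http_req_rate(10m)

frontend fe_web                  # placeholder name
    bind 127.0.0.1:8080          # placeholder address

    # Request phase: url_beg is available here, so record the match
    # in a transaction-scoped variable that survives until the response.
    http-request set-var(txn.is_login) bool(true) if { url_beg /login }

    # Request phase: read-only lookup by source address. Nothing is tracked
    # on the request side, so this rule does not add to the counter.
    http-request tarpit deny_status 429 if { var(txn.is_login) -m bool } { src,table_http_req_rate(table_login_limiter) gt 10 }

    # Response phase: the status is known now. Track the source only when
    # the login attempt was rejected, so successful logins are not counted.
    http-response track-sc0 src table table_login_limiter if { var(txn.is_login) -m bool } { status 401 }

    default_backend be_app

backend be_app                   # placeholder name
    server app1 127.0.0.1:8000   # placeholder address
```

The file can be syntax-checked with `haproxy -c -f <file>`, and the table contents inspected at runtime with `show table table_login_limiter` on the stats socket if one is configured.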