Rate limit URL or src IP

[Sander Klein]

Hi All,

I know this question has been asked more times, but currently I'm 
experiencing some problems with some people harvesting data from our 
websites at high rates. I would like to block them based on the URL or 
simply on src IP.


Currently I've implemented the 'Limiting the HTTP request rate' setup 
from 
http://blog.exceliance.fr/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/ 
which works nice, but now they also start coming in with IPv6. Can I 
modify this setup to also work with IPv6 without creating multiple 
frontends or backends?


Greets,

Sander

Re: Rate limit URL or src IP

[Baptiste]

Hi,

With latest HAProxy version, it will apply configuration to IPv4 or IPv6
independently.

Just add an IPv6 bind to your HAProxy setup and you're done.
no IPv6 to configure on your servers, since HAProxy will act as a 6to4
gateway:
http://blog.exceliance.fr/2011/06/14/layer-7-ipv6-configuration/

Baptiste


On Tue, Apr 2, 2013 at 10:11 AM, Sander Klein roe...@roedie.nl wrote:

 Hi All,

 I know this question has been asked more times, but currently I'm
 experiencing some problems with some people harvesting data from our
 websites at high rates. I would like to block them based on the URL or
 simply on src IP.

 Currently I've implemented the 'Limiting the HTTP request rate' setup from
 http://blog.exceliance.fr/**2012/02/27/use-a-load-**
 balancer-as-a-first-row-of-**defense-against-ddos/http://blog.exceliance.fr/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/which
  works nice, but now they also start coming in with IPv6. Can I modify
 this setup to also work with IPv6 without creating multiple frontends or
 backends?

 Greets,

 Sander