Re: Rate Limit per IP with queueing (delay)

2020-07-03 Thread Stefano Tranquillini
Returning on the topic, i'm trying a "smarter" solution trying to implement a leaky bucket with a window, as nginx is doing. what i've to do is to store per user the request per minute in current minute and previous minute. i've done in a lua script with a matrix, but i'm quite sure it's not the be

Re: Rate Limit per IP with queueing (delay)

2020-06-10 Thread Igor Cicimov
Glad you found a solution that works for you. I personally don't see any issues with this since lua is lightweight and haproxy is famous for efficient resource management. So all should be good under "normal" usage and by normal I mean a traffic and usage pattern you expect from your app users that

Re: Rate Limit per IP with queueing (delay)

2020-06-09 Thread Stefano Tranquillini
I may have found a solution, that's a bit more elegant (to me) The idea is to use a lua script to do some weighted sleep depending on data. the question is: "is this idea good or bad"? especially, will the "core.msleep" have implications on performance for everybody? If someone uses all the conne

Re: Rate Limit per IP with queueing (delay)

2020-06-09 Thread Igor Cicimov
On Tue, Jun 9, 2020 at 6:48 PM Stefano Tranquillini wrote: > Hello, > i didn't really get what has been changed in this example, and why. > > On Tue, Jun 9, 2020 at 9:46 AM Igor Cicimov < > ig...@encompasscorporation.com> wrote: > >> Modify your frontend from the example like this and let us know

Re: Rate Limit per IP with queueing (delay)

2020-06-09 Thread Stefano Tranquillini
Hello, i didn't really get what has been changed in this example, and why. On Tue, Jun 9, 2020 at 9:46 AM Igor Cicimov wrote: > Modify your frontend from the example like this and let us know what > happens: > > frontend proxy > bind *:80 > stick-table type ip size 100k expire 15s store

Re: Rate Limit per IP with queueing (delay)

2020-06-09 Thread Igor Cicimov
Modify your frontend from the example like this and let us know what happens: frontend proxy bind *:80 stick-table type ip size 100k expire 15s store http_req_rate(10s) http-request track-sc0 src table Abuse use_backend api_delay if { sc_http_req_rate(0) gt 30 } use_backend api

Re: Rate Limit per IP with queueing (delay)

2020-06-08 Thread Stefano Tranquillini
If both users have the same IP then there's a problem, however, if the IPs are different nginx auto-limits the request per minute to the value given. i would like to achieve the same functionality in HA, or have a way to cap the number of calls per IP (or user or whatever) to a certain number. I do

Re: Rate Limit per IP with queueing (delay)

2020-06-08 Thread Igor Cicimov
On Mon, Jun 8, 2020 at 5:18 PM Stefano Tranquillini wrote: > > > On Sun, Jun 7, 2020 at 11:11 PM Илья Шипицин wrote: > >> >> >> вс, 7 июн. 2020 г. в 19:59, Stefano Tranquillini : >> >>> Hello all, >>> >>> I'm moving to HA using it to replace NGINX and I've a question regarding >>> how to do a Ra

Re: Rate Limit per IP with queueing (delay)

2020-06-08 Thread Aleksandar Lazic
Sorry send to early. Now the full answer. On 08.06.20 14:39, Aleksandar Lazic wrote: > On 08.06.20 14:28, Stefano Tranquillini wrote: >> Hi thanks for the reply >> >> why the set-priority is a better choice? >> will it just limit the connection in case there's need while it >> will not limit the

Re: Rate Limit per IP with queueing (delay)

2020-06-08 Thread Aleksandar Lazic
On 08.06.20 14:28, Stefano Tranquillini wrote: > Hi thanks for the reply > > why the set-priority is a better choice? > will it just limit the connection in case there's need while it > will not limit the connection per se? > i mean, if the system is capable of supporting 600 calls, with > the s

Re: Rate Limit per IP with queueing (delay)

2020-06-08 Thread Stefano Tranquillini
Hi thanks for the reply why the set-priority is a better choice? will it just limit the connection in case there's need while it will not limit the connection per se? i mean, if the system is capable of supporting 600 calls, with the set priority it will still process the 600 calls rather than limi

Re: Rate Limit per IP with queueing (delay)

2020-06-08 Thread Aleksandar Lazic
On 08.06.20 09:15, Stefano Tranquillini wrote: > > > On Sun, Jun 7, 2020 at 11:11 PM Илья Шипицин > wrote: > > > > вс, 7 июн. 2020 г. в 19:59, Stefano Tranquillini >: > > Hello all, > > I'm moving to HA using it to r

Re: Rate Limit per IP with queueing (delay)

2020-06-08 Thread Stefano Tranquillini
On Sun, Jun 7, 2020 at 11:11 PM Илья Шипицин wrote: > > > вс, 7 июн. 2020 г. в 19:59, Stefano Tranquillini : > >> Hello all, >> >> I'm moving to HA using it to replace NGINX and I've a question regarding >> how to do a Rate Limiting in HA that enables queuing the requests instead >> of closing th

Re: Rate Limit per IP with queueing (delay)

2020-06-07 Thread Илья Шипицин
вс, 7 июн. 2020 г. в 19:59, Stefano Tranquillini : > Hello all, > > I'm moving to HA using it to replace NGINX and I've a question regarding > how to do a Rate Limiting in HA that enables queuing the requests instead > of closing them. > > I was able to limit per IP following those examples: > htt

Re: Rate Limit per IP with queueing (delay)

2020-06-07 Thread Marco Corte
Hi, Stefano! I am not able to answer your question directly, because of my limited haproxy knowledge. Generally speaking, I prefer to return code 429 when a client makes too many requests, instead of queuing them. This page helped me a lot to understand haproxy capabilities https://icicimov.g

Rate Limit per IP with queueing (delay)

2020-06-07 Thread Stefano Tranquillini
Hello all, I'm moving to HA using it to replace NGINX and I've a question regarding how to do a Rate Limiting in HA that enables queuing the requests instead of closing them. I was able to limit per IP following those examples: https://www.haproxy.com/blog/four-examples-of-haproxy-rate-limiting/

Re: Rate limit per IP

2011-03-20 Thread Willy Tarreau
On Sun, Mar 20, 2011 at 11:12:48AM -0400, Allan Wind wrote: > On 2011-03-20 10:25:07, Baptiste wrote: > > Yes, Haproxy can limit rate connection. > > Please look for "rate-limit sessions" and "fe_sess_rate" in the > > configuration.txt documentation [1]. > > rate-limit and fe_sess_rate are for glo

Re: Rate limit per IP

2011-03-20 Thread Allan Wind
On 2011-03-20 10:25:07, Baptiste wrote: > Yes, Haproxy can limit rate connection. > Please look for "rate-limit sessions" and "fe_sess_rate" in the > configuration.txt documentation [1]. rate-limit and fe_sess_rate are for global for all IPs, right? > In HAproxy 1.5 [2], there are a few more opti

Re: Rate limit per IP

2011-03-20 Thread Baptiste
nd that 1.5 is still in development. [1] http://haproxy.1wt.eu/download/1.4/doc/configuration.txt [2] http://haproxy.1wt.eu/download/1.5/doc/configuration.txt On Sat, Mar 19, 2011 at 9:31 PM, Allan Wind wrote: > Is there a way to rate limit per IP (or CDIR)?  In the sense our > global cap

Rate limit per IP

2011-03-19 Thread Allan Wind
Is there a way to rate limit per IP (or CDIR)? In the sense our global capacity (rate limit sessions) might be x requests/sec, but to protect against abusive bots or DOS attacks we would to also limit any IP or ideally some bigger buckets like a CDIR to say x/100 requests/sec. /Allan