@sunnysigara wrote:
Hi, we want to achieve key-based rate limiting. For example, let's say if queries per minute is > 300 for 2m for 5 times, then use http tarpit. Note that we do not want to block the offender the first time, but only if he repeats the same more than 5 times.
API keys are coming in an HTTP header as api-key.
Here is the portion of the conf file showing what I want to achieve:
    frontend http_front
        bind *:80

        # Server 01
        acl server01 hdr_dom(api-key) -i kbcf6c5b2d56d51d89b85

        # ACL functions for rate_limit
        acl tx_is_api hdr_dom(host) -i -m sub \-api
        acl tx_is_api path_reg -i ^(/v4-)?/api/.*$
        acl has_auth_header req.fhdr(api-key) -m found

        # API specific counters
        acl mark_as_api_abuser sc0_inc_gpc0(be_429_table_api) gt 0
        acl req_rate_api_abuse sc0_http_req_rate(be_429_table_api) gt 300

        # API table fetches (track-sc0 needs a key: the api-key header value)
        http-request track-sc0 req.fhdr(api-key) table be_429_table_api if has_auth_header tx_is_api

        # set API call var
        http-request set-var(txn.req_api) bool(true) if tx_is_api

        use_backend be_429_slow_down if tx_is_api mark_as_api_abuser req_rate_api_abuse

    backend be_429_table_api
        # store takes a comma-separated list with no spaces
        stick-table type string size 200k expire 2m store gpc0,http_req_rate(60s)

    backend be_429_slow_down
        timeout tarpit 5s
        http-request tarpit
What I don't understand is how to achieve that 5 times window. Should it be

    acl mark_as_api_abuser sc0_inc_gpc0(be_429_table_api) gt 5

? Or should I use another counter separately, like this?

    acl mark_as_api_abuser sc0_inc_gpc0(be_429_table_api) gt 0
    acl abuse_cnt src_get_gpc0(Abuse) gt 5
How will the counter reset in this scenario?
Also, what happens when the stick-table is expired? Let's say the user is blocked at 1m 59s, will he remain blocked for the next 2 min? What value should I choose as expire in this scenario?
Please help
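
The policy described in the post above, modelled in Python as an added example that is not part of the original post and is not HAProxy code. The class and function names, the sample key, the choice to count one strike per over-limit episode and the idle-based expiry rule are all assumptions of the model; only the numbers (300, 60s, 2m, 5) come from the post.

```python
from collections import deque

# Values taken from the post; the model itself is an assumption, not HAProxy code.
RATE_LIMIT = 300    # more than 300 requests in the window is a violation
WINDOW = 60.0       # seconds, as in http_req_rate(60s)
EXPIRE = 120.0      # idle seconds before an entry is dropped, as in "expire 2m"
MAX_STRIKES = 5     # tarpit only once violations exceed 5


class KeyLimiter:
    """Hypothetical per-API-key limiter: rate window plus a strike counter."""

    def __init__(self):
        self.entries = {}  # api-key -> {"hits", "strikes", "over", "last"}

    def check(self, key, now):
        """Return "pass" or "tarpit" for one request from key at time now."""
        e = self.entries.get(key)
        if e is None or now - e["last"] > EXPIRE:
            # Assumed expiry rule: idle longer than EXPIRE forgets everything.
            e = {"hits": deque(), "strikes": 0, "over": False, "last": now}
            self.entries[key] = e
        e["last"] = now
        hits = e["hits"]
        hits.append(now)
        while hits[0] <= now - WINDOW:   # drop hits older than the window
            hits.popleft()
        over = len(hits) > RATE_LIMIT
        if over and not e["over"]:
            e["strikes"] += 1            # one strike per episode, not per request
        e["over"] = over
        return "tarpit" if over and e["strikes"] > MAX_STRIKES else "pass"


def burst(limiter, key, start, count=301, spacing=0.1):
    """Send count requests spaced evenly from start; return the last verdict."""
    verdict = "pass"
    for i in range(count):
        verdict = limiter.check(key, start + i * spacing)
    return verdict


def demo():
    """Constructed traffic: six bursts 100 s apart, then a long idle gap."""
    lim = KeyLimiter()
    key = "example-key-0001"             # constructed sample key
    verdicts = [burst(lim, key, 100.0 * n) for n in range(6)]
    after_idle = lim.check(key, 530.0 + EXPIRE + 1)
    return verdicts, after_idle, lim.entries[key]["strikes"]
```

In this model the first five over-limit bursts pass, the sixth is tarpitted, and a key that stays idle longer than the expiry starts again with zero strikes.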