Synopsis

For various reasons, we may want to limit the number of connections or the number of requests we allow to a web farm.
For example:

  • give more capacity to authenticated users than to anonymous ones
  • limit web farm users per virtualhost
  • protect your website from spiders
  • etc…

Basically, we’ll manage two web farms: one with as much capacity as we need, and another one where we’ll redirect the people we want to slow down.
The routing decision can be made using a header, a cookie, a part of the URL, the source IP address, etc…

Configuration

The configuration below would do the job.

There are only two web servers in the farm, but we want to slow down some virtual hosts and some old, almost never used applications in order to protect the regular traffic and leave it more capacity.

You can play with the inspect-delay time to be more or less aggressive.

[sourcecode language="text"]
frontend www
    bind :80
    mode http
    # requests without any User-Agent header are treated as spiders
    acl spiderbots hdr_cnt(User-Agent) eq 0
    # virtual hosts to slow down
    acl personnal hdr(Host) www.personnalwebsite.tld www.oldname.tld
    # old applications to slow down
    acl oldies path_beg /old /foo /bar
    use_backend limited_www if spiderbots or personnal or oldies
    default_backend www

backend www
    mode http
    server be1 192.168.0.1:80 check maxconn 100
    server be2 192.168.0.2:80 check maxconn 100

backend limited_www
    mode http
    acl too_fast be_sess_rate gt 10
    acl too_many be_conn gt 10
    # hold a connection for up to 3s before deciding
    tcp-request inspect-delay 3s
    # accept immediately unless both limits are exceeded
    tcp-request content accept if ! too_fast or ! too_many
    # otherwise accept once the inspect delay has expired
    tcp-request content accept if WAIT_END
    server be1 192.168.0.1:80 check maxconn 100
    server be2 192.168.0.2:80 check maxconn 100
[/sourcecode]
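
The synopsis mentions routing on a cookie or on the source IP address, which the configuration above does not show. The following is an added example, not part of the original article: the frontend sends clients without a session cookie, or coming from a chosen network, to the limited farm. The cookie name `SESSIONID` and the network `203.0.113.0/24` are assumptions made for illustration; the backends repeat the ones above.

```haproxy
# Added example: route by cookie and by source IP address.
# SESSIONID and 203.0.113.0/24 are constructed placeholder values.
frontend www
    bind :80
    mode http
    # a session cookie is taken as the sign of an authenticated user
    acl authenticated hdr_sub(Cookie) SESSIONID=
    # network whose clients should be slowed down
    acl slow_net src 203.0.113.0/24
    # anonymous users and the slow network share the limited farm
    use_backend limited_www if !authenticated or slow_net
    default_backend www

backend www
    mode http
    server be1 192.168.0.1:80 check maxconn 100
    server be2 192.168.0.2:80 check maxconn 100

backend limited_www
    mode http
    acl too_fast be_sess_rate gt 10
    acl too_many be_conn gt 10
    tcp-request inspect-delay 3s
    # delay only when both the session rate and the connection count are high
    tcp-request content accept if ! too_fast or ! too_many
    tcp-request content accept if WAIT_END
    server be1 192.168.0.1:80 check maxconn 100
    server be2 192.168.0.2:80 check maxconn 100
```

The cookie test only shows that the client sent a cookie with that name, so it steers capacity and is not an authentication check.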

Results

With the configuration above, an Apache bench would be able to go up to 3600 req/s on the regular farm and only 9 req/s on the limited one.
