Synopsis
For various reasons, we may want to limit the number of connections or requests we allow to a web farm.
For example:
- give more capacity to authenticated users than to anonymous ones
- limit web farm users per virtual host
- protect your website from spiders
- etc.
Basically, we'll manage two web farms: one with as much capacity as we need, and another one to which we'll redirect the people we want to slow down.
The routing decision can be based on a header, a cookie, part of the URL, the source IP address, etc.
Configuration
The configuration below would do the job.
There are only two web servers in the farm, but we want to slow down some virtual hosts and old, almost never used applications in order to protect the regular traffic and leave it more capacity.
You can play with the inspect-delay time to be more or less aggressive.
frontend www
    bind :80
    mode http
    # requests without any User-Agent header
    acl spiderbots hdr_cnt(User-Agent) eq 0
    # virtual hosts to slow down
    acl personnal hdr(Host) www.personnalwebsite.tld www.oldname.tld
    # old and almost never used applications
    acl oldies path_beg /old /foo /bar
    use_backend limited_www if spiderbots or personnal or oldies
    default_backend www

backend www
    mode http
    server be1 192.168.0.1:80 check maxconn 100
    server be2 192.168.0.2:80 check maxconn 100

backend limited_www
    mode http
    acl too_fast be_sess_rate gt 10
    acl too_many be_conn gt 10
    # hold the connection for up to 3s unless one of the limits is not reached
    tcp-request inspect-delay 3s
    tcp-request content accept if ! too_fast or ! too_many
    tcp-request content accept if WAIT_END
    server be1 192.168.0.1:80 check maxconn 100
    server be2 192.168.0.2:80 check maxconn 100
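To see which requests the ACLs above send to the limited farm and when a connection is actually held back, here is a small Python model of the rules. It is an added example, not HAProxy code or part of the original configuration. The host www.example.tld, the sample requests and the function names are constructed, and the model evaluates the backend rules once, with fixed counter values.

```python
# Added model of the ACLs in the configuration above; this is not HAProxy code.
INSPECT_DELAY = 3.0  # seconds, from "tcp-request inspect-delay 3s"
SLOW_HOSTS = {"www.personnalwebsite.tld", "www.oldname.tld"}
SLOW_PATHS = ("/old", "/foo", "/bar")

def pick_backend(headers, path):
    """Frontend decision. headers is a list of (name, value) pairs."""
    names = [name.lower() for name, _ in headers]
    host = next((v for n, v in headers if n.lower() == "host"), "")
    spiderbots = names.count("user-agent") == 0  # hdr_cnt(User-Agent) eq 0
    personnal = host in SLOW_HOSTS               # hdr(Host), exact match
    oldies = path.startswith(SLOW_PATHS)         # path_beg /old /foo /bar
    if spiderbots or personnal or oldies:
        return "limited_www"
    return "www"

def admission_delay(be_sess_rate, be_conn):
    """Seconds a connection is held in limited_www, for fixed counter values."""
    too_fast = be_sess_rate > 10
    too_many = be_conn > 10
    if not too_fast or not too_many:  # accept if ! too_fast or ! too_many
        return 0.0
    return INSPECT_DELAY              # accept if WAIT_END

UA = ("User-Agent", "Mozilla/5.0")
SAMPLES = [  # constructed requests; www.example.tld is a hypothetical host
    ([("Host", "www.example.tld"), UA], "/index.html"),
    ([("Host", "www.example.tld")], "/index.html"),
    ([("Host", "www.oldname.tld"), UA], "/"),
    ([("Host", "www.example.tld"), UA], "/old/app"),
    ([("Host", "www.example.tld"), ("User-Agent", "ExampleBot/1.0")], "/"),
]

def route_samples():
    """Backend chosen for each constructed request, in order."""
    return [pick_backend(h, p) for h, p in SAMPLES]

if __name__ == "__main__":
    for (headers, path), backend in zip(SAMPLES, route_samples()):
        print(dict(headers).get("Host"), path, "->", backend)
    for rate, conns in [(5, 5), (20, 5), (5, 20), (20, 20)]:
        print(f"rate={rate} conns={conns} delay={admission_delay(rate, conns)}s")
```

The last sample shows that the spiderbots ACL only catches clients that send no User-Agent header at all, and the delay table shows that a connection is held only when both too_fast and too_many are true.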
Results
With the configuration above, an Apache bench run would be able to go up to 3600 req/s on the regular farm and only 9 req/s on the limited one.