Rate limit HTTP requests by URL
You can assign distinct rate limits to individual URLs and pages in your web application. This type of configuration can be useful when different pages require different amounts of processing time, and thus can handle a different number of concurrent users. This configuration uses a map file to associate different rate limits to different URLs in your web application.
/etc/hapee-2.0directory, create a file called
In the file, list the URL paths and rate thresholds, for example:
Update the proxy configuration to include the
http-request trackdirectives shown below:
frontend website bind :80 stick-table type binary len 20 size 100k expire 10s store http_req_rate(10s) # Track client by base32+src (Host header + URL path + src IP) http-request track-sc0 base32+src
The stick table has a key of
binaryto match the tracked value generated by the
http-request track-sc0 base32+srcdirective, which is a hash of the HTTP Host header, the URL path, and the client's source IP address. This key allows us to differentiate request rates across all different web pages.
Add the following
http-request set-vardirective to retrieve the rate limit threshold from the
# Check map file to get rate limit for path http-request set-var(req.rate_limit) path,map_beg(/etc/hapee-2.0/rates.map,20)
This directive finds the request rate threshold in the
rates.mapfile for the current URL path being requested. If the URL is not in the map file, a default value of 20 is used. The resulting threshold value is stored in the variable
Add the following
http-request set-vardirective to record the client's request rate:
# Client's request rate is tracked http-request set-var(req.request_rate) base32+src,table_http_req_rate()
Create an ACL named
rate_abusethat is set to
trueif the client request rate is greater than the rate limit threshold.
# Subtract the current request rate from the limit # If less than zero, set rate_abuse to true acl rate_abuse var(req.rate_limit),sub(req.request_rate) lt 0
If the threshold is exceeded, deny the request.
# Deny if rate abuse http-request deny deny_status 429 if rate_abuse default_backend servers
Next upRate limit HTTP requests by URL parameter