HAProxy Enterprise Documentation 2.2r1
Tarpit
You can tarpit a client's HTTP request, which stalls the request for a period of time before returning an error response. This is often used to deter a malicious bot army, since it ties up bots so that they cannot immediately retry their requests.
In the example below, we use http-request tarpit
to tarpit the client if they exceed a rate limit. Use timeout tarpit
to set how long HAProxy Enterprise waits before returning an error response:
frontend www
bind :80
stick-table type ip size 100k expire 30s store http_req_rate(10s)
http-request track-sc0 src
timeout tarpit 10s
http-request tarpit deny_status 429 if { sc_http_req_rate(0) gt 20 }
default_backend webservers
Next up
Bot Management