Rate limit HTTP requests by URL
You can assign distinct rate limits to individual URLs and pages in your web application. This type of configuration can be useful when different pages require different amounts of processing time, and thus can handle a different number of concurrent users. This configuration uses a map file to associate different rate limits to different URLs in your web application.
In the
/etc/hapee-2.7
directory, create a file calledrates.map
.-
In the file, list the URL paths and rate thresholds, for example:
/urla 10
/urlb20/urlc30 -
Update the proxy configuration to include the
stick-table
andhttp-request track
directives shown below:frontend website bind :80 stick-table type binary len 20 size 100k expire 10s store http_req_rate(10s) # Track client by base32+src (Host header + URL path + src IP) http-request track-sc0 base32+src
The stick table has a key of
binary
to match the tracked value generated by thehttp-request track-sc0 base32+src
directive, which is a hash of the HTTP Host header, the URL path, and the client's source IP address. This key allows us to differentiate request rates across all different web pages. -
Add the following
http-request set-var
directive to retrieve the rate limit threshold from therates.map
file:# Check map file to get rate limit for path http-request set-var(req.rate_limit) path,map_beg(/etc/hapee-2.7/rates.map,20)
This directive finds the request rate threshold in the
rates.map
file for the current URL path being requested. If the URL is not in the map file, a default value of 20 is used. The resulting threshold value is stored in the variablereq.rate_limit
. -
Add the following
http-request set-var
directive to record the client's request rate:# Client's request rate is tracked http-request set-var(req.request_rate) base32+src,table_http_req_rate()
-
Create an ACL named
rate_abuse
that is set totrue
if the client request rate is greater than the rate limit threshold.# Subtract the current request rate from the limit # If less than zero, set rate_abuse to true acl rate_abuse var(req.rate_limit),sub(req.request_rate) lt 0
-
If the threshold is exceeded, deny the request.
# Deny if rate abuse http-request deny deny_status 429 if rate_abuse default_backend servers
Next up
Rate limit HTTP requests by URL parameter