Ricardo Fraile
2017-02-02 08:04:56 UTC
Hello,
Taking as a starting point the following rate limit sticky table, in which
the requests are tracked by the "X-Client-IP" header and which has an acl to
limit if there are more than 250 in 1 second:

    stick-table type ip size 1m expire 1h store gpc0,http_req_rate(1s)
    http-request track-sc0 req.hdr_ip(X-Client-IP,1)
    acl rule_average sc0_http_req_rate gt 250
    http-request deny if rule_average

With this configuration, a user is blocked if they have more than 250 requests
in a second. For example, at the same time, 192.168.1.1 can have 250
requests and 192.168.1.2 another 250 requests.

But is it possible to apply this limit behaviour taking into account the
subnet? For example, if the load balancer receives more than 250 requests
from 192.168.1.0/24, limit each particular IP; for example, at the
same time, 192.168.1.1 can have 100 and 192.168.1.2 the other 150, but
not more than 250 together.

Thanks,
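
One way to express the per-subnet limit asked about above, as an added example that is not part of the original post: a second stick-table keyed on the client address masked to /24 with HAProxy's `ipmask` converter, tracked alongside the per-IP table. The section names (`st_per_ip`, `st_per_subnet`, `fe_web`, `be_app`), the bind port and the server address are assumptions.

```haproxy
# Added example, not from the original post. Names and addresses are assumed.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Dummy backends that exist only to hold the stick-tables.
backend st_per_ip
    stick-table type ip size 1m expire 1h store gpc0,http_req_rate(1s)

backend st_per_subnet
    stick-table type ip size 1m expire 1h store http_req_rate(1s)

frontend fe_web
    bind :80

    # sc0: one entry per client address, as in the original configuration.
    http-request track-sc0 req.hdr_ip(X-Client-IP,1) table st_per_ip

    # sc1: mask the same address to its /24 first, so 192.168.1.1 and
    # 192.168.1.2 both update the single entry 192.168.1.0 and share
    # one request-rate counter.
    http-request track-sc1 req.hdr_ip(X-Client-IP,1),ipmask(24) table st_per_subnet

    acl rule_average sc0_http_req_rate gt 250   # per-IP limit
    acl rule_subnet  sc1_http_req_rate gt 250   # combined limit for the /24

    # Deny when either the single address or its whole subnet is over 250/s.
    http-request deny if rule_average or rule_subnet

    default_backend be_app

backend be_app
    server app1 127.0.0.1:8080
```

Both counters are only as trustworthy as the `X-Client-IP` header, so this assumes the header is set or overwritten by a trusted upstream proxy rather than accepted from the client.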