Rate Limit
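# F5 iRule: per-source-IP rate limit on the login endpoint.
#
# Every HTTP request from an IP that is currently in the "shun" subtable is
# rejected at the TCP level (reject) and the shun entry is touched, so the
# block slides forward for as long as the client keeps connecting.
# Requests whose path is /auth/login are recorded as individual keys in a
# per-IP subtable; each key expires after timeoutvalue seconds, which gives a
# sliding window. Once more than maxattempts keys are alive the IP is shunned
# for shuntimeout seconds.
#
# Caveats a deployer should weigh:
#  - IP::client_addr is the connection's source address. Behind a CDN, proxy
#    or large NAT this is shared by many users, and one abusive client shuns
#    all of them. If that is your topology, derive the key from a trusted
#    forwarded-for header instead (and only from proxies you control).
#  - Attempts are counted per request, not per failed authentication; a GET
#    that merely renders the login page counts the same as a POST. Restrict
#    to `[HTTP::method] equals "POST"` if the page is served on GET.
#  - Matching is on the normalized path only; /auth/login/ or /auth//login
#    are not matched. Add the variants your application actually accepts.
when HTTP_REQUEST {
    # Seconds an individual login attempt remains in the per-IP attempts table.
    set timeoutvalue 30
    # Attempts allowed inside timeoutvalue before the source IP is shunned.
    set maxattempts 20
    # Seconds a shunned IP stays blocked, measured from its last connection.
    set shuntimeout 60

    set client [IP::client_addr]
    # Subtable names live in the session table shared by every iRule on the
    # device; prefix the per-IP subtable so it cannot collide with another
    # rule that also keys on bare addresses.
    set attempts_subtable "auth_attempts:$client"

    # Already shunned: drop the connection and extend the block.
    # table lookup returns an empty string when the key is absent; compare
    # against "" explicitly rather than relying on "" > 0 evaluating false.
    if { [table lookup -subtable "shun" $client] ne "" } {
        # table incr touches the entry, so shuntimeout restarts on every hit
        # ("unblock only after shuntimeout seconds of silence").
        set totaldrops [table incr -subtable "shun" $client]
        reject
        #log local0. "SHUN - Reset connection from $client - Total: $totaldrops"
        return
    }

    # HTTP::path excludes the query string. The original compared HTTP::uri,
    # which let "/auth/login?x" (any query string) bypass the counter entirely.
    if { [string tolower [HTTP::path]] equals "/auth/login" } {
        #placeholder- send back fake auth response if in shun table

        # A large random key stands in for an approximately unique attempt id;
        # a rare collision merely under-counts one attempt.
        set randkey [expr { int(100000000 * rand()) }]
        #log local0. "URI match: created random key $randkey, adding to subtable for $client"
        table set -subtable $attempts_subtable $randkey 1 $timeoutvalue

        if { [table keys -subtable $attempts_subtable -count] > $maxattempts } {
            log local0. "auth rate exceeded for $client, adding IP to shun table. Will unblock if no new conns for $shuntimeout seconds"
            # This request itself is still served; the shun takes effect on the
            # next request from the same source IP.
            table set -subtable "shun" $client 1 $shuntimeout
        }
    }
}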