Here are many examples to limit RPS for each client, at the same time, we also need a way to setup a global request limit.
There are two requirements for this purpose.
- instead track client ip, we need a global track.
- assume we want to setup 1k RPS as a global limit, it should alway allow first 1k requests and only cut off the excess parts.
Here is an example,
frontend fe
bind :80
# we defined a table here and use gpc0 for counting approved access.
stick-table type ip size 100 expire 5s store gpc0_rate(1s)
# instead track client's ip, use server ip here which always get a single ip address.
http-request track-sc0 dst
# define an acl to check whether RPS is greater than 1k.
# Acl will be executed when it be called in an action below.
acl abuse fe_req_rate gt 1000
# always allow the first 1k access.
acl save sc_gpc0_rate(0) lt 1000
# deny all excess access here
http-request deny deny_status 429 if abuse !save
# gpc0 += 1 if current access is not excess our limit
http-request sc-inc-gpc0(0) save
use_backend servers
backend servers
server example-server xxx.xxx.xxx.xxx