-
-
Save haproxytechblog/374133870f54188f75337476ec5c637a to your computer and use it in GitHub Desktop.
Rate limiting based on AWS VPC ID
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rates.map: | |
<vpce_id>,/path <limit> | |
<vpce_id>,/path <limit> | |
<vpce_id>,/path <limit> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
vpc-01234567890abcdef,/api 30 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
frontend fe_main | |
bind :80 accept-proxy |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
http-request set-var(txn.vpce_id) fc_pp_tlv(0xEA),bytes(1) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
http-request set-var-fmt(txn.vpcratekey) "%[var(txn.vpce_id)],%[path]" | |
http-request set-var-fmt(txn.vpctrackkey) "%[var(txn.vpce_id)],%[path],%[src]" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
http-request set-var(req.vpcrate_limit) var(txn.vpcratekey),map_beg(/var/lib/dataplaneapi/storage/maps/rates.map,20) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
backend ratebyvpc | |
stick-table type binary size 1073741824 expire 120000 peers "$peers_section_name" store http_req_rate(1m) | |
backend ratebyvpc.agg | |
stick-table type binary size 1073741824 expire 120000 peers "$peers_section_name" store http_req_rate(1m) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
http-request track-sc0 var(txn.vpctrackkey) table ratebyvpc |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
http-request set-var(req.vpcrequest_rate) var(txn.vpctrackkey),table_http_req_rate(ratebyvpc.agg) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
acl vpc_rate_abuse var(req.vpcrate_limit),sub(req.vpcrequest_rate) lt 0 | |
http-request deny deny_status 429 if vpc_rate_abuse |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment