haproxytechblog/blog20231213-01.cfg Secret

## blog20231213-01.cfg
rates.map:
<vpce_id>,/path <limit>
<vpce_id>,/path <limit>
<vpce_id>,/path <limit>

## blog20231213-02.cfg
vpc-01234567890abcdef,/api 30

## blog20231213-03.cfg
frontend fe_main
  bind :80 accept-proxy

## blog20231213-04.cfg
http-request set-var(txn.vpce_id) fc_pp_tlv(0xEA),bytes(1)

## blog20231213-05.cfg
  http-request set-var-fmt(txn.vpcratekey) "%[var(txn.vpce_id)],%[path]"
  http-request set-var-fmt(txn.vpctrackkey) "%[var(txn.vpce_id)],%[path],%[src]"

## blog20231213-06.cfg
  http-request set-var(req.vpcrate_limit) var(txn.vpcratekey),map_beg(/var/lib/dataplaneapi/storage/maps/rates.map,20)

## blog20231213-07.cfg
backend ratebyvpc
  stick-table type binary size 1073741824 expire 120000 peers "$peers_section_name" store http_req_rate(1m)
backend ratebyvpc.agg
  stick-table type binary size 1073741824 expire 120000 peers "$peers_section_name" store http_req_rate(1m)

## blog20231213-08.cfg
http-request track-sc0 var(txn.vpctrackkey) table ratebyvpc

## blog20231213-09.cfg
http-request set-var(req.vpcrequest_rate) var(txn.vpctrackkey),table_http_req_rate(ratebyvpc.agg)

## blog20231213-10.cfg
  acl vpc_rate_abuse var(req.vpcrate_limit),sub(req.vpcrequest_rate) lt 0
  http-request deny deny_status 429 if vpc_rate_abuse
	rates.map:
	<vpce_id>,/path <limit>
	<vpce_id>,/path <limit>
	<vpce_id>,/path <limit>
	http-request set-var-fmt(txn.vpcratekey) "%[var(txn.vpce_id)],%[path]"
	http-request set-var-fmt(txn.vpctrackkey) "%[var(txn.vpce_id)],%[path],%[src]"
	backend ratebyvpc
	stick-table type binary size 1073741824 expire 120000 peers "$peers_section_name" store http_req_rate(1m)
	backend ratebyvpc.agg
	stick-table type binary size 1073741824 expire 120000 peers "$peers_section_name" store http_req_rate(1m)
	acl vpc_rate_abuse var(req.vpcrate_limit),sub(req.vpcrequest_rate) lt 0
	http-request deny deny_status 429 if vpc_rate_abuse