hooleylist
Jan 25, 2012
Cirrostratus
I think this should work if you've defined the host/network = limit pairs in the conn_limit_dg data group.

    when RULE_INIT {
        # Length of the sliding window, in seconds, used to count the requests.
        # This example allows 10 requests in 3 seconds
        set static::windowSecs 3
        # Idle timeout, in seconds, for each table entry
        set static::timeout 30
    }
    when CLIENT_ACCEPTED {
        # Max connections per client IP: the value of the matching
        # host/network entry in the conn_limit_dg data group
        set limit [class match -value [IP::client_addr] equals conn_limit_dg]
        log local0. "[IP::client_addr]: \$limit: $limit"
    }
    when HTTP_REQUEST {
        if { [HTTP::method] eq "GET" } {
            # Number of entries currently in this client's subtable
            set getCount [table key -count -subtable [IP::client_addr]]
            log local0. "getCount=$getCount"
            if { $getCount < $limit } {
                incr getCount 1
                # table set -subtable <name> <key> <value> <timeout> <lifetime>
                table set -subtable [IP::client_addr] $getCount "ignore" $static::timeout $static::windowSecs
            } else {
                log local0. "[IP::client_addr]: exceeded the number of requests allowed. $getCount / $limit"
                HTTP::respond 501 content "Request blockedExceeded requests/sec limit."
            }
        }
    }

Aaron
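
An added example, not part of the post above and not F5 code: a small Python model of the per-client subtable that compares two ways of choosing the entry key, the running count as in the iRule and a hypothetical unique serial number. It assumes that writing an existing key replaces that entry and restarts its lifetime, and it ignores the 30-second idle timeout because the 3-second lifetime is shorter; the traffic is constructed.

```python
import itertools

WINDOW_SECS = 3  # static::windowSecs in the iRule


class Subtable:
    """Model of one client's subtable: key -> expiry time (assumed semantics)."""

    def __init__(self):
        self.entries = {}

    def count(self, now):
        # Entries past their lifetime no longer count toward the total.
        self.entries = {k: exp for k, exp in self.entries.items() if exp > now}
        return len(self.entries)

    def set(self, key, now):
        # Assumption: writing an existing key replaces it, adding no new entry.
        self.entries[key] = now + WINDOW_SECS


def simulate(times, limit, unique_keys):
    """Return the request times that are allowed for a single client IP."""
    table, allowed, serial = Subtable(), [], itertools.count()
    for now in times:
        n = table.count(now)
        if n < limit:
            # n + 1 mirrors 'incr getCount'; the serial is a hypothetical unique key.
            table.set(next(serial) if unique_keys else n + 1, now)
            allowed.append(now)
    return allowed


def max_in_window(allowed):
    """Largest number of allowed requests in any window [t, t + WINDOW_SECS)."""
    return max((sum(1 for u in allowed if t <= u < t + WINDOW_SECS)
                for t in allowed), default=0)


# Constructed traffic: one client sending a GET every 0.5 s for 10 s.
TIMES = [i * 0.5 for i in range(20)]

if __name__ == "__main__":
    for unique in (False, True):
        ok = simulate(TIMES, limit=3, unique_keys=unique)
        print("unique keys" if unique else "count as key",
              len(ok), "allowed, peak per window:", max_in_window(ok))
```

Under these assumptions and a limit of 3, the count-keyed run admits up to 6 requests in one 3-second window once older entries start expiring, while the unique-key run never exceeds 3.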