Forum Discussion
hooleylist
Jan 31, 2012 · Cirrostratus
Hi Midhun,
Here you go:
when RULE_INIT {
    # This defines how long is the sliding window to count the requests. This example allows 10 requests in 3 seconds
    set static::windowSecs 3
}
when CLIENT_ACCEPTED {
    # Max connections per client IP
    set limit [class match -value [IP::client_addr] equals conn_limit_dg]
    log local0. "[IP::client_addr]: \$limit: $limit"
}
when HTTP_REQUEST {
    # Check if client IP is in the connection limit data group and the request is a GET
    if { $limit ne "" and [HTTP::method] eq "GET"} {
        set getCount [table key -count -subtable [IP::client_addr]]
        log local0. "[IP::client_addr]: getCount=$getCount"
        if { $getCount < $limit} {
            incr getCount 1
            table set -subtable [IP::client_addr] $getCount "" indefinite $static::windowSecs
        } else {
            log local0. "[IP::client_addr]: exceeded the number of requests allowed. $getCount / $limit"
            HTTP::respond 501 content "Request blocked. Exceeded requests/sec limit."
        }
    }
}
Aaron
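
The following is an added example, not part of the original post and not F5 code: a small Python model of the iRule's per-client sliding window, replayed over constructed requests to show which ones the rule counts and which it blocks. The `SubTable` class, the `replay` function, the sample IPs and the data group contents are assumptions made for illustration, and the model assumes that writing an existing key restarts its lifetime.

```python
# Added model of the iRule's logic; this is not F5 code and does not run on BIG-IP.
WINDOW_SECS = 3                          # static::windowSecs
CONN_LIMIT_DG = {"198.51.100.7": 10}     # constructed stand-in for data group conn_limit_dg


class SubTable:
    """One per-client subtable: key -> time at which the entry's lifetime ends."""

    def __init__(self):
        self.expiry = {}

    def count(self, now):
        # Like `table key -count`: only entries still inside their lifetime count.
        self.expiry = {k: t for k, t in self.expiry.items() if t > now}
        return len(self.expiry)

    def set(self, key, now):
        # Assumption of this model: writing an existing key restarts its lifetime.
        self.expiry[key] = now + WINDOW_SECS


def replay(requests):
    """requests: (time_secs, client_ip, method) tuples in time order -> list of verdicts."""
    tables, verdicts = {}, []
    for now, ip, method in requests:
        limit = CONN_LIMIT_DG.get(ip)
        if limit is None or method != "GET":
            verdicts.append("allow")     # unlisted client or non-GET: never counted
            continue
        sub = tables.setdefault(ip, SubTable())
        n = sub.count(now)
        if n < limit:
            sub.set(n + 1, now)          # same key choice as the iRule ($getCount after incr)
            verdicts.append("allow")
        else:
            verdicts.append("block")     # blocked requests add no entry
    return verdicts


# Constructed traffic: a 12-request burst, then probes inside and after the window.
SAMPLE = [(i / 10, "198.51.100.7", "GET") for i in range(12)] + [
    (1.2, "198.51.100.7", "POST"),
    (1.3, "192.0.2.9", "GET"),
    (2.9, "198.51.100.7", "GET"),
    (4.5, "198.51.100.7", "GET"),
]

if __name__ == "__main__":
    for req, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(req, verdict)
```

In the replay, the POST and the client that is absent from the data group pass without being counted, so the limit covers only GETs from listed addresses.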