Block IP if reach rate limit

Help!
1

Hi,
I have this configuration for rate limiting in HAproxy. I want to ensure that if a user hits the rate limit, their IP will be blocked for 5 minutes. Currently, in this configuration, if a user sends 200 requests in 10 seconds, they will reach the rate limit, but their IP will not be blocked. How can I modify it so that their IP gets blocked for 5 minutes when they reach the rate limit?

frontend front_api
    bind *:80
    timeout client 30s
    redirect scheme https if !{ ssl_fc }
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    mode http

    stick-table type ip size 1m expire 24h store http_req_rate(10s)
    tcp-request connection track-sc1 src
    http-request track-sc0 src table front_api
    acl exempt_ip src 10.0.0.19 10.0.0.4
    acl rate_limited src_http_req_rate(front_api) ge 200
    use_backend blocked_ips if rate_limited !exempt_ip

backend blocked_ips
    mode http
    http-request deny deny_status 429
    timeout client 300s
2

Think you misunderstood how sliding window rate limiting works HAProxy Rate Limiting: Four Examples, note the emphasized word last.

In your example the rate limiting is per 10 seconds meaning the client gets blocked for that period of 10s then the counter starts from zero for the next 10 seconds and so on. If you want to simulate rate limiting per 300 seconds then you should set the sampling rate to 300 seconds OR the request limit to let’s say 50 (which equals to 30 x 50 = 1500 requests per 5 minutes since you have 30 slots of 10 seconds in 5 minutes).