Hi, we want to achieve key-based rate limiting. For example, let’s say if queries per minute is > 300 for 2m for 5 times, then use HTTP tarpit. Note that we do not want to block the offender the first time, but only if he repeats the same more than 5 times.
API keys are coming in an HTTP header named api-key.
Here is the portion of the conf file showing what I want to achieve:
```
frontend http_front
    bind *:80

    #Server 01
    acl server01 hdr_dom(api-key) -i kbcf6c5b2d56d51d89b85

    # ACL Functions for rate_limit
    acl tx_is_api hdr_dom(host) -i -m sub \-api
    acl tx_is_api path_reg -i ^(/v4-)?/api/.*$
    acl has_auth_header req.fhdr(api-key) -m found

    # API specific counters
    acl mark_as_api_abuser sc0_inc_gpc0(be_429_table_api) gt 0
    acl req_rate_api_abuse sc0_http_req_rate(be_429_table_api) gt 300

    # API table fetches (track-sc0 needs a key: the api-key header value)
    http-request track-sc0 req.fhdr(api-key) table be_429_table_api if has_auth_header tx_is_api

    # set API call var
    http-request set-var(txn.req_api) bool(true) if tx_is_api

    use_backend be_429_slow_down if tx_is_api mark_as_api_abuser req_rate_api_abuse

backend be_429_table_api
    # data types after "store" are comma-separated without spaces
    stick-table type string size 200k expire 2m store gpc0,http_req_rate(60s)

backend be_429_slow_down
    timeout tarpit 5s
    http-request tarpit
```
What I don’t understand is how to achieve that 5-times window. Should it be `acl mark_as_api_abuser sc0_inc_gpc0(be_429_table_api) gt 5`? Or should I use another counter separately, like this?
```
acl mark_as_api_abuser sc0_inc_gpc0(be_429_table_api) gt 0
acl abuse_cnt src_get_gpc0(Abuse) gt 5
```
How will the counter reset in this scenario?
Also, what happens when the stick-table expires? Let’s say the user is blocked at 1m 59s; will he remain blocked for the next 2 min? What value should I choose for expire in this scenario?
Please help.
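
One way to separate "over the limit right now" from "has been over the limit more than 5 times", as an added example that is not part of the original post. It reuses the post's table, backend and ACL names and its 300/min, 2m and 5-strike figures; `gpc0_rate(2m)` as a strike throttle, `len 64` and `expire 10m` are assumptions to adjust.

```haproxy
frontend http_front
    bind *:80

    acl tx_is_api       path_reg -i ^(/v4-)?/api/.*$
    acl has_auth_header req.fhdr(api-key) -m found

    # One table entry per API key. Every tracked request refreshes the
    # entry's expire timer, so an active key never ages out.
    http-request track-sc0 req.fhdr(api-key) table be_429_table_api if has_auth_header tx_is_api

    # Current state of the key
    acl over_limit      sc0_http_req_rate(be_429_table_api) gt 300
    acl struck_recently sc0_gpc0_rate(be_429_table_api) gt 0
    acl repeat_offender sc0_get_gpc0(be_429_table_api) gt 5

    # gpc0 is the strike counter. It is incremented by an explicit action,
    # not as a side effect of an ACL, and no new strike is added while
    # gpc0_rate still reports a recent one. Without that throttle every
    # single request above the limit would count as a strike.
    http-request sc-inc-gpc0(0) if over_limit !struck_recently

    # Keys are slowed down only once they have more than 5 strikes.
    use_backend be_429_slow_down if repeat_offender

backend be_429_table_api
    # expire (assumed 10m) is an idle timeout: gpc0 goes back to 0 only
    # when the entry is dropped after the key has been silent that long.
    stick-table type string len 64 size 200k expire 10m store gpc0,gpc0_rate(2m),http_req_rate(60s)

backend be_429_slow_down
    timeout tarpit 5s
    http-request tarpit
```

Tarpitted requests are still tracked, so a key that keeps retrying keeps its entry alive and stays in `be_429_slow_down`; it is released once it has been silent for the full `expire` period.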