HAProxy community

HaProxy Rate Limiting


#1

Hi All,

I want to use Haproxy to do the Rate limiting the front end URL.

I tried the suggestions mentioned here. But, I see that using these, once it blocks it blocks for ever. So, this is like DDOS not the Rate limiting.

My requirement is that the customer can access the URL /XYZ000/ at 1000 RPS and /ABC000/ at 2000 RPS for second if more that than the prescribed number of requests received then the extra should be rejected. How do we achieve the same ?

I tried the following, but once it blocks , it blocks for ever which is like DDOS. Please help !


#2

I am using this configuration and once it is blocked, it gets blocked. It is not limiting the rate, it blocks the access to the URL for ever like DDOS. Strange !

How can I achieve the Rate limiting, i.e limit the rate to the configured value, i.e only allow that rate.

frontend api_gateway
** bind 0.0.0.0:80**
** mode http**
** option forwardfor**

** default_backend nodes**

** # Set up stick table to track request rates**
** #stick-table type binary len 8 size 1m expire 10s store http_req_rate(10s)**
** stick-table type integer size 1m store http_req_rate(10s)**

** # Track client by base32+src (Host header + URL path + src IP)**
** http-request track-sc0 base32**

** # Check map file to get rate limit for path**
** http-request set-var(req.rate_limit) path,map_beg(/etc/haproxy/maps/rates.map)**

** # Client’s request rate is tracked**
** http-request set-var(req.request_rate) base32,table_http_req_rate(api_gateway)**

** # Subtract the current request rate from the limit**
** # If less than zero, set rate_abuse to true**
** acl rate_abuse var(req.rate_limit),sub(req.request_rate) lt 0**
** #acl rate_abuse var(req.request_rate) gt var(req.rate_limit)**

** # Deny if rate abuse**
** http-request deny deny_status 429 if rate_abuse**

** #use_backend nodes**

listen stats
** bind 0.0.0.0:9090**
** stats enable**
** stats uri /haproxy?stats**
** stats realm Strictly\ Private**
** stats auth affirmed:affirmed**

backend nodes
** mode http**
** balance roundrobin**
** server echoprgm 10.37.9.30:11001 check**