Rate limiting a src IP range

Hi all,

I have rate limiting in place at the moment, but I regularly see spikes of requests from literally ~100 IPs within the same class-C network (I mean not a specific class-C, but various class-C’s).

I’m wondering if anyone can work out a way to create rate limiting rules that are not based around the absolute IP, but rather the /24 (or whatever you want for that matter) src IP range.

eg. if I have:

2.2.2.40 - 4 requests
2.2.2.55 - 3 requests
2.2.2.111 - 4 requests
2.2.2.181 - 3 requests

…all within 10 seconds, this exceeds 10 requests within the last 10 seconds for the /24 range… but not for the individual IPs, I’m after a way to say “if >10 in 10 seconds for /24 block” if that makes sense.

Help would be most appreciated!

Cheers,
Aaron.

Try replacing src with src,ipmask(24).

Also see:


You my friend are a legend!

Your help is sooo appreciated, a big thank you!


Hi again,

I realise I have another related issue…

I’m trying to use this in the context of a URL + src based filter… but for the src I want the mask.

ie. base32+src,ipmask(24)

From what I can tell, this isn’t valid… is there any way to make it happen?
I (wrongly) assumed that the + was a concat operator, but it seems it isn’t universal.

Getting closer, please point me in the right direction:

http-request set-var(req.b32) base32
http-request set-var(req.ipmsk) src,ipmask(24)
http-request set-var(txn.smesht) str(),concat(<b32=,req.b32,>),concat(<mask=,req.ipmsk,>)
http-request set-var(req.rate_limitmask) path,map_beg(/etc/haproxy-repo/rates.map,30)
http-request set-var(req.request_ratemask) txn.smesht,table_http_req_rate(st_global_srcmask_1m)

while parsing ‘http-request set-var(req.request_ratemask)’ rule : unknown fetch method ‘txn.smesht’.

It should be var(txn.smesht) I think.

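Putting the two answers together, here is an added example configuration (not from any post in this thread) that tracks the /24 source block in a stick table and, as a second counter, the URL-plus-masked-source key built from variables and read back with var(). The frontend, backend and table names are assumed; the 10-requests-in-10-seconds threshold is the one from the original question.

```haproxy
# Added example, not from the thread. Assumed names: fe_web, be_app, st_url_src24.
frontend fe_web
    bind :80
    mode http

    # Counter 0: key each request by its /24 network instead of the exact address
    stick-table type ip size 100k expire 60s store http_req_rate(10s)
    http-request track-sc0 src,ipmask(24)
    # Reject once the whole /24 exceeds 10 requests in the last 10 seconds
    http-request deny deny_status 429 if { sc_http_req_rate(0) gt 10 }

    # Counter 1: URL hash plus masked source. Variables are read with var(),
    # a bare variable name is not a fetch method (the error seen in the thread).
    http-request set-var(req.b32) base32
    http-request set-var(req.ipmsk) src,ipmask(24)
    http-request set-var(txn.smesht) str(b32=),concat(,req.b32,),concat(:mask=,req.ipmsk,)
    http-request track-sc1 var(txn.smesht) table st_url_src24
    http-request deny deny_status 429 if { sc_http_req_rate(1,st_url_src24) gt 10 }

    default_backend be_app

# Dummy backend that only hosts the string-keyed table for counter 1
backend st_url_src24
    stick-table type string len 64 size 100k expire 60s store http_req_rate(10s)

backend be_app
    server app1 127.0.0.1:8080
```

Check the keys actually being tracked with `echo "show table st_url_src24" | socat stdio /var/run/haproxy.sock` (stats socket path assumed) before tuning the thresholds.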