I’m wondering if there is a way to set per-host (that is: per domain) rate-limiting in HAProxy, using maps?
My frontend setup is as follows (it’s essentially the example given on the HAProxy website):
```
# Create a 100,000-strong, ten-second expiry stick table that tracks HTTP requests over a sliding ten second window
stick-table type binary len 8 size 100k expire 10s store http_req_rate(10s)

# Track client by base32+src (Host header + URL path + src IP)
http-request track-sc0 base32+src

# Check map file to get rate limit for paths; default to 200 for all others
http-request set-var(req.rate_limit) path,map_beg(/etc/haproxy/rates.map,200)

# Ensure that the client's request rate is tracked
http-request set-var(req.request_rate) base32+src,table_http_req_rate()

# Subtract the current request rate from the limit; if less than zero, set rate_abuse to true
acl rate_abuse var(req.rate_limit),sub(req.request_rate) lt 0

# If rate abuse is detected, give status 429
http-request deny deny_status 429 if rate_abuse
```
In the maps file, I can set rates per path like this:
```
/path1 20
/path2 10
```
But what I’d really like to be able to do is set them per domain, too. As it is, the paths in the example above apply to both foo.com and bar.com. Ideally, I’d like to be able to set different limits on foo.com/path1 and bar.com/path1. Is there any way of doing this within the same frontend?
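
One way to key the limit on host and path instead of path alone, as an added example that is not part of the original post. It assumes a HAProxy version that provides the `concat` converter; the frontend name, `bind` line, variable names `req.host`, `req.p` and `req.limit_key`, and the map entries are hypothetical.

```haproxy
# Added example (not from the original post).
# Constructed contents of /etc/haproxy/rates.map, keyed by host + path prefix:
#   foo.com/path1 20
#   bar.com/path1 10
#   foo.com/path2 10

frontend fe_web                      # hypothetical name
    mode http
    bind :80                         # hypothetical listener

    # Unchanged: base32+src already hashes Host header + path + source IP,
    # so the request counters are already separate per host.
    stick-table type binary len 8 size 100k expire 10s store http_req_rate(10s)
    http-request track-sc0 base32+src

    # Normalise the Host header before using it as a map key:
    # lower-case it and drop any ":port" suffix, so "FOO.com:80" and
    # "foo.com" resolve to the same map entry instead of the default.
    # (field(1,:) assumes host names, not bracketed IPv6 literals.)
    http-request set-var(req.host) req.hdr(host),lower,field(1,:)
    http-request set-var(req.p) path

    # Build "<host><path>", e.g. "foo.com/path1/item"
    http-request set-var(req.limit_key) var(req.host),concat(,req.p)

    # Was: path,map_beg(...), which gives every host the same per-path limit.
    # Now the prefix match runs on host + path; anything unlisted gets 200.
    http-request set-var(req.rate_limit) var(req.limit_key),map_beg(/etc/haproxy/rates.map,200)

    # Unchanged: compare the tracked rate with the looked-up limit
    http-request set-var(req.request_rate) base32+src,table_http_req_rate()
    acl rate_abuse var(req.rate_limit),sub(req.request_rate) lt 0
    http-request deny deny_status 429 if rate_abuse
```

The shorter form `base,map_beg(/etc/haproxy/rates.map,200)` uses the Host header exactly as the client sent it, so a request whose Host carries a port or different letter case would miss its map entry and receive the default limit.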