Hi,
I’m trying to set up a stick-table to prevent DDoS attacks on a couple of specific URLs.
My setup is as such, in the frontend:
    acl is_some_path path /my/path/
    acl is_some_other_path path /my/other/path
    stick-table type ip size 1m expire 3600s store http_req_rate(1s)
    http-request track-sc0 src if is_some_path || is_some_other_path
    http-request deny deny_status 429 if { sc_http_req_rate(0) gt 10 }
So I’m trying to “jail” those IPs for an hour whenever they are doing more than 10 requests per second on one of the paths.
However, it does not seem to completely work. It’s filtering 80% of the traffic but not all; sometimes 30 requests go through in a second without being filtered with a 429 error.
Did I set up something wrong?
Thanks.
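
Added example, not part of the original post and not a diagnosis of the requests that slipped through: in the rules above, the deny condition tests the live one-second rate, while `expire 3600s` only sets how long an idle entry stays in the table. One way to express the "jail for an hour" intent is to latch a `gpc0` flag on the entry; the `defaults` section, the `fe_main`/`be_app` names, the bind port and the server address are assumptions made so the file is complete.

```haproxy
# Constructed example configuration (names, port and server are assumptions).
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_main
    bind :80

    acl is_some_path       path /my/path/
    acl is_some_other_path path /my/other/path

    # One entry per client IP. Besides the 1s request rate, store gpc0,
    # a general-purpose counter used here as a "jailed" flag.
    # The entry, and the flag with it, expires 3600s after its last update.
    stick-table type ip size 1m expire 3600s store http_req_rate(1s),gpc0

    # Track the source IP only on the two protected paths (as in the post).
    http-request track-sc0 src if is_some_path || is_some_other_path

    # Latch the flag once the measured rate exceeds 10 req/s.
    http-request sc-inc-gpc0(0) if { sc_http_req_rate(0) gt 10 }

    # Deny while the flag is set, even after the rate has dropped again.
    # In the post's version this rule tested sc_http_req_rate(0) directly,
    # so a client was denied only while its current rate was above 10.
    http-request deny deny_status 429 if { sc_get_gpc0(0) gt 0 }

    default_backend be_app

backend be_app
    server app1 127.0.0.1:8080
```

Each tracked request refreshes the entry's expiry, so the hour runs from the client's last request to a protected path rather than from the first violation.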