rate-limit-connection-requests.tcl
#
# Copyright 2014, Mischa Peters <mpeters AT a10networks DOT com>, A10 Networks.
# Version 1.0 - 20140205
#
# aFleX script to rate-limit based on connections
# and requests per second.
#
# ::MAX_CONNECTIONS and ::MAX_REQUESTS hold the number of
# connections and requests that can be done before the
# client is blacklisted.
#
# ::HOLDTIME is the time in seconds that a client stays
# blacklisted.
#
# ::DEBUG can be set to 1, 2 or 3.
#
# Scalability of this aFleX is unknown.
#
# Tunables shared by the CLIENT_ACCEPTED and HTTP_REQUEST handlers.
when RULE_INIT {
    # How long, in seconds, an address stays in the blacklist table.
    set ::HOLDTIME 60

    # Per-address ceilings; a counter above its ceiling blacklists the address.
    set ::MAX_REQUESTS 15
    set ::MAX_CONNECTIONS 20

    # Log verbosity: 1 logs each blacklisting, 2 also logs connections
    # rejected because the address is already blacklisted, 3 also traces
    # every counter creation, increment and removal.
    set ::DEBUG 1
}
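# Per-connection gate: rejects addresses that are already blacklisted and
# counts new connections per source address in the tmp_blacklist table.
#
# Counters and the blacklist are keyed on the source address alone, so
# clients that share one address (NAT, forward proxy) share one budget and
# are blocked together.
when CLIENT_ACCEPTED {
    set IP [IP::remote_addr]

    # Already blacklisted: refuse the connection before touching any counter.
    if { [table lookup blacklist $IP] != "" } {
        reject
        if { $::DEBUG > 1 } { log "$IP -> blacklist expires in [table lifetime blacklist -remaining $IP] seconds" }
        return
    }

    # Create the counter at 0 so the increment below records the first
    # connection as 1. Seeding it with 1 counted the first connection twice
    # and blacklisted the client one connection short of ::MAX_CONNECTIONS.
    if { [table lookup tmp_blacklist $IP] == "" } {
        table set tmp_blacklist $IP 0
        if { $::DEBUG > 2 } { log "$IP -> connection counter created" }
    }

    set count [table incr tmp_blacklist $IP]
    if { $::DEBUG > 2 } { log "$IP -> $count of $::MAX_CONNECTIONS connection" }

    # The 2-second lifetime is re-applied on every connection.
    # NOTE(review): confirm whether this restarts the window on each hit; if
    # it does, a steady slow client never gets its counter reset.
    table lifetime tmp_blacklist $IP 2

    if { $count > $::MAX_CONNECTIONS } {
        # Blacklist entry: no idle timeout (indef), lifetime of ::HOLDTIME seconds.
        table add blacklist $IP "Connection Reached" indef $::HOLDTIME
        if { $::DEBUG >= 1 } { log "$IP -> blacklisted for $::HOLDTIME seconds" }
        # Drop the counter so the client starts from zero after the hold time.
        table delete tmp_blacklist $IP
        if { $::DEBUG > 2 } { log "$IP -> removed from tmp_blacklist" }
        reject
        return
    }
}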
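# Per-request gate: counts HTTP requests per client address in the
# tmp_request table and answers with 429 once the client exceeds
# ::MAX_REQUESTS or is already blacklisted.
when HTTP_REQUEST {
    set IP [IP::client_addr]

    # The blacklist is otherwise consulted only in CLIENT_ACCEPTED, so a
    # client that keeps one connection open would go on being served after it
    # was blacklisted. Check it on every request as well.
    if { [table lookup blacklist $IP] != "" } {
        if { $::DEBUG > 1 } { log "$IP -> blacklist expires in [table lifetime blacklist -remaining $IP] seconds" }
        HTTP::respond 429 content "429 Too Many Requests. Your access will be resumed in [table lifetime blacklist -remaining $IP] seconds."
        return
    }

    # Create the counter at 0 so the increment below records the first
    # request as 1. Seeding it with 1 counted the first request twice and
    # blacklisted the client one request short of ::MAX_REQUESTS.
    if { [table lookup tmp_request $IP] == "" } {
        table set tmp_request $IP 0
        if { $::DEBUG > 2 } { log "$IP -> request counter created" }
    }

    set request_count [table incr tmp_request $IP]
    if { $::DEBUG > 2 } { log "$IP -> $request_count of $::MAX_REQUESTS requests" }

    # The 2-second lifetime is re-applied on every request.
    # NOTE(review): confirm whether this restarts the window on each hit; if
    # it does, a steady slow client never gets its counter reset.
    table lifetime tmp_request $IP 2

    if { $request_count > $::MAX_REQUESTS } {
        # Blacklist entry: no idle timeout (indef), lifetime of ::HOLDTIME seconds.
        table add blacklist $IP "Requests Reached" indef $::HOLDTIME
        if { $::DEBUG >= 1 } { log "$IP -> blacklisted for $::HOLDTIME seconds" }
        table delete tmp_request $IP
        if { $::DEBUG > 2 } { log "$IP -> removed from tmp_request" }
        # Send a real 429 status: a 200 with "429" in the body looks like
        # success to clients, caches and monitoring. The wait time follows
        # ::HOLDTIME instead of a hard-coded 60.
        HTTP::respond 429 content "429 Too Many Requests. Your access will be resumed in $::HOLDTIME seconds."
        return
    }
}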