Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: apply sliding window rate limiting #509

Merged
merged 13 commits into from
Dec 18, 2024
9 changes: 9 additions & 0 deletions salt/haproxy/config/haproxy.cfg.jinja
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,15 @@ frontend main
bind :::80
bind 127.0.0.1:19001 # This is our TLS socket.

# Client rate limiting
# See: https://www.haproxy.com/blog/four-examples-of-haproxy-rate-limiting
stick-table type ip size 100k expire 15s store http_req_rate(10s)
http-request track-sc0 src
http-request deny deny_status 429 if { sc_http_req_rate(0) gt 20 }
ewdurbin marked this conversation as resolved.
Show resolved Hide resolved

# Do we need to whitelist the LBs?
{# acl whitelist src 10.132.111.89 10.132.109.52 #}
JacobCoffee marked this conversation as resolved.
Show resolved Hide resolved

# Custom logging format, this is the same as the normal "httplog" in
# HAProxy except information about the TLS connection is included.
log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %sslv/%sslc\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ %{+Q}r
Expand Down
Loading