├── 429.http ├── LICENSE ├── README.md └── haproxy.cfg /429.http: -------------------------------------------------------------------------------- 1 | HTTP/1.1 429 Too Many Requests 2 | Cache-Control: no-cache 3 | Connection: close 4 | Content-Type: text/plain 5 | Retry-After: 60 6 | 7 | Too Many Requests (HAP429). 8 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2014 Daniel Schneller 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | 23 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | haproxy-http-based-rate-limiting 2 | ================================ 3 | 4 | Example configuration for the codecentric blog post on rate limiting requests based on HTTP header contents and other high level information with HAProxy. 5 | 6 | For details on how to use this, see [the codecentric blog](https://blog.codecentric.de/en/2014/12/haproxy-http-header-rate-limiting) 7 | -------------------------------------------------------------------------------- /haproxy.cfg: -------------------------------------------------------------------------------- 1 | frontend fe_api_ssl 2 | bind 192.168.0.1:443 ssl crt /etc/haproxy/ssl/api.pem no-sslv3 ciphers ... 3 | default_backend be_api 4 | 5 | tcp-request inspect-delay 5s 6 | 7 | acl document_request path_beg -i /v2/documents 8 | acl is_upload hdr_beg(Content-Type) -i multipart/form-data 9 | acl too_many_uploads_by_user sc0_gpc0_rate() gt 100 10 | acl mark_seen sc0_inc_gpc0 gt 0 11 | 12 | stick-table type string size 100k store gpc0_rate(60s) 13 | 14 | tcp-request content track-sc0 hdr(Authorization) if METH_POST document_request is_upload 15 | 16 | use_backend be_429_slow_down if mark_seen too_many_uploads_by_user 17 | 18 | backend be_429_slow_down 19 | timeout tarpit 2s 20 | errorfile 500 /etc/haproxy/errorfiles/429.http 21 | http-request tarpit 22 | 23 | backend be_api 24 | ... 25 | --------------------------------------------------------------------------------