git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Willy Tarreau <w@1wt.eu>
	Sun, 20 Jun 2010 09:56:30 +0000 (11:56 +0200)
committer	Willy Tarreau <w@1wt.eu>
	Tue, 10 Aug 2010 16:04:13 +0000 (18:04 +0200)
commit	6c59e0a9423c9a8b92d596f4647379d0ce07f0b2
tree	4732693afcf6854a0e9f78b35ba85a5ae2792819	tree
parent	91c43d7fe4e5a33c87a9dd82a52156e4daac9b81	commit \| diff

[MEDIUM] session counters: add bytes_in_rate and bytes_out_rate counters

These counters maintain incoming and outgoing byte rates in a stick-table,
over a period which is defined in the configuration (2 ms to 24 days).
They can be used to detect service abuse and enforce a certain bandwidth
limits per source address for instance, and block if the rate is passed
over. Since 32-bit counters are used to compute the rates, it is important
not to use too long periods so that we don't have to deal with rates above
4 GB per period.

Example :
    # block if more than 5 Megs retrieved in 30 seconds from a source.
    stick-table type ip size 200k expire 1m store bytes_out_rate(30s)
    tcp-request track-counters src
    tcp-request reject if { trk_bytes_out_rate gt 5000000 }

    # cause a 15 seconds pause to requests from sources in excess of 2 megs/30s
    tcp-request inspect-delay 15s
    tcp-request content accept if { trk_bytes_out_rate gt 2000000 } WAIT_END

include/types/stick_table.h		diff \| blob \| blame \| history
src/session.c		diff \| blob \| blame \| history
src/stick_table.c		diff \| blob \| blame \| history