paladox commented on issue #7664:
URL: https://github.com/apache/trafficserver/issues/7664#issuecomment-812107399
> There is a plugin called "fq_pacing" which will rate limit individual TCP connections. Is this sufficient?

Thanks! Not exactly. It doesn't appear you can whitelist specific IPs from the rate limit or configure a rate limit per domain with it.

For example, we do:
```
# Allow higher limits for static.mh.o, we can handle more of those requests
if (req.http.Host == "static.miraheze.org" || req.http.Host == "static-new.miraheze.org") {
    if (vsthrottle.is_denied("static:" + req.http.X-Real-IP, 500, 1s)) {
        return (synth(429, "Varnish Rate Limit Exceeded"));
    }
} else {
    # Do not limit /w/load.php, /w/resources, /favicon.ico, etc
    # T6283: remove rate limit for IABot (temporarily?)
    if (
        (req.url ~ "^/wiki" || req.url ~ "^/w/(api|index)\.php")
        && (req.http.X-Real-IP != "185.15.56.22" && req.http.User-Agent !~ "^IABot/2")
    ) {
        if (req.url ~ "^/w/index\.php\?title=\S+\:MathShowImage&hash=[0-9a-z]+&mode=mathml") {
            # The Math extension at Special:MathShowImage may cause lots of requests, which should not fail
            if (vsthrottle.is_denied("math:" + req.http.X-Real-IP, 120, 10s)) {
                return (synth(429, "Varnish Rate Limit Exceeded"));
            }
        } else {
            # Fallback
            if (vsthrottle.is_denied("mwrtl:" + req.http.X-Real-IP, 12, 2s)) {
                return (synth(429, "Varnish Rate Limit Exceeded"));
            }
        }
    }
}
```