Hello,
I'm investigating an issue on specific rules for a customer.
The rules are the following :
stick-table type ipv6 size 60000 expire 1h store conn_cur,conn_rate(10s)
http-request deny deny_status 429 if { src_conn_cur ge 100 }
http-request deny deny_status 429 if { src_conn_rate ge 600 }
The expected behaviour is to throw an error if a single IP has more than
100 connections or if it tries to open more than 600 connections in 10s.
So first, can you confirm the rules are written correctly ? :)
If so, the issue here is that the customer is reporting having 429 errors
himself. He was able to troubleshoot these errors to a specific page on his
website, with hundreds of images loaded simultaneously. The connection is
performed with HTTP2.
In my mind, src_conn_cur and src_conn_rate are incremented only when a new
TCP connection is triggered on the frontend. But maybe I dont understand it
correctly and the hundreds of simultaneous streams in a single http2
connection triggers the limit ?
Any hint would help to understand what's happening here. It's difficult as
I don't have direct access to rules or the website of course :)
Olivier
