P67085
(An Untitled Masterwork)
Authored by CDanis on Jul 30 2024, 7:43 PM.
### All of this from Puppet, as usual
# Pseudo-backends used only for statistics tracking.
backend httpreqrate
stick-table type ipv6 size 1m expire 300s store http_req_rate(10s),gpc_rate(10,300s)
backend httpreqrate_http
stick-table type ipv6 size 1m expire 300s store http_req_rate(10s),gpc_rate(10,300s)
listen tls
http-request track-sc0 src table httpreqrate
### All of the above from Puppet, as usual
### All of the below from requestctl
## per-ip-default-concurrency
acl per-ip-default-concurrency_too-high-now sc0_trackers(httpreqrate) ge 500
acl per-ip-default-concurrency_too-high-recently sc_gpc_rate(0,0,httpreqrate) gt 0
acl per-ip-default-concurrency_mark-as-too-high sc_inc_gpc(0,0,httpreqrate)
# per-ip-default-concurrency logging enabled
http-request set-var(req.dummy) src,debug(silent-drop_for_300s/per-ip-default-concurrency) if per-ip-default-concurrency_too-high-now !per-ip-default-concurrency_too-high-recently
# per-ip-default-concurrency mark: (logging OR enforcement) enabled
http-request set-var(req.dummy) src if per-ip-default-concurrency_too-high-now per-ip-default-concurrency_mark-as-too-high
# per-ip-default-concurrency enforcement enabled
http-request silent-drop if per-ip-default-concurrency_too-high-recently
## per-ip-sussy-concurrency
# sc_gpc_rate()/sc_inc_gpc() take (<idx>,<ctr>[,<table>]): gpc array index first, then the tracked counter ID (sc0 here)
acl per-ip-sussy-concurrency_too-high-now sc0_trackers(httpreqrate) ge 50
acl per-ip-sussy-concurrency_too-high-recently sc_gpc_rate(1,0,httpreqrate) gt 0
acl per-ip-sussy-concurrency_mark-as-too-high sc_inc_gpc(1,0,httpreqrate)
# per-ip-sussy-concurrency logging enabled
http-request set-var(req.dummy) src,debug(silent-drop_for_300s/per-ip-sussy-concurrency) if ipblock_known_sussy per-ip-sussy-concurrency_too-high-now !per-ip-sussy-concurrency_too-high-recently
# per-ip-sussy-concurrency mark: (logging OR enforcement) enabled
http-request set-var(req.dummy) src if ipblock_known_sussy per-ip-sussy-concurrency_too-high-now per-ip-sussy-concurrency_mark-as-too-high
# per-ip-sussy-concurrency enforcement enabled
http-request silent-drop if ipblock_known_sussy per-ip-sussy-concurrency_too-high-recently
## per-ip-aws-concurrency
acl per-ip-aws-concurrency_too-high-now sc0_trackers(httpreqrate) ge 25
acl per-ip-aws-concurrency_too-high-recently sc_gpc_rate(2,0,httpreqrate) gt 0
acl per-ip-aws-concurrency_mark-as-too-high sc_inc_gpc(2,0,httpreqrate)
# per-ip-aws-concurrency logging enabled
http-request set-var(req.dummy) src,debug(silent-drop_for_300s/per-ip-aws-concurrency) if ipblock_cloud_aws per-ip-aws-concurrency_too-high-now !per-ip-aws-concurrency_too-high-recently
# per-ip-aws-concurrency mark: (logging OR enforcement) enabled
http-request set-var(req.dummy) src if ipblock_cloud_aws per-ip-aws-concurrency_too-high-now per-ip-aws-concurrency_mark-as-too-high
# per-ip-aws-concurrency enforcement disabled
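
The hysteresis these requestctl-generated rules implement, modelled in Python as an added example (not part of the paste or of requestctl). It assumes the gpc rate reads as greater than zero for 300 seconds after the last increment, which simplifies HAProxy's sliding-window counter; `Entry`, `evaluate`, `run`, `selector` and `SAMPLE` are hypothetical names.

```python
# Added illustration: a simplified model of one requestctl rule from the paste.
# Assumption: "sc_gpc_rate(...) gt 0" holds for HOLD seconds after the last
# increment; HAProxy's real frequency counter is a sliding-window estimate.
HOLD = 300  # seconds, from gpc_rate(10,300s)

class Entry:
    """Per-source stick-table state relevant to one rule."""
    def __init__(self):
        self.last_mark = None  # time of the last sc_inc_gpc, if any

    def recently(self, now):
        return self.last_mark is not None and now - self.last_mark < HOLD

def evaluate(entry, now, concurrency, threshold, enforce=True, selector=True):
    """Apply the rule's http-request lines in the paste's order.

    selector models the extra ACL (e.g. ipblock_cloud_aws); returns (logged, dropped).
    """
    too_high_now = concurrency >= threshold   # sc0_trackers(httpreqrate) ge N
    recent_before = entry.recently(now)       # ..._too-high-recently
    # Logging line: fires only on the transition into the blocked state.
    logged = selector and too_high_now and not recent_before
    # Mark line: ACLs are evaluated left to right, so the counter is bumped
    # only when the conditions before ..._mark-as-too-high already matched.
    if selector and too_high_now:
        entry.last_mark = now
    # Enforcement line: evaluated after the mark, so in this model the
    # request that trips the threshold is dropped as well.
    dropped = enforce and selector and entry.recently(now)
    return logged, dropped

def run(events, threshold, **kw):
    """events: list of (time_s, concurrent_connections) for one source IP."""
    entry = Entry()
    return [evaluate(entry, t, c, threshold, **kw) for t, c in events]

# Constructed sample: one client, observed at these times and concurrencies.
SAMPLE = [(0, 10), (5, 25), (6, 30), (100, 3), (304, 3), (400, 3)]

if __name__ == "__main__":
    for (t, c), (logged, dropped) in zip(SAMPLE, run(SAMPLE, threshold=25)):
        print(f"t={t:>3}s conc={c:>2} logged={logged} dropped={dropped}")
```

Running it with `enforce=False` mirrors the per-ip-aws-concurrency rule, where logging and marking are on but enforcement is disabled: the log line still fires once per episode and nothing is dropped.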
CDanis mentioned this in T371144: support the haproxy silent-drop hysteresis gadget from requestctl.