iRule: rate shaping
# Tunables for the per-source rate limiter, set when the rule is loaded.
# CLIENT_DATA passes period and holdtime to the table commands as entry
# lifetimes, so both are expressed in seconds.
when RULE_INIT {
    # Length of the counting window.
    set static::period 300

    # Most requests a single client address may make inside one window
    # before it is blacklisted.
    set static::maxquery 200

    # How long a blacklisted address stays blocked.
    set static::holdtime 300
}
# Per-source-address rate limiter, evaluated every time CLIENT_DATA fires.
#
# Each request from an address that is not blacklisted adds one entry, living
# for static::period seconds, to a subtable private to that address. When the
# subtable holds more than static::maxquery live entries, the address is
# blacklisted for static::holdtime seconds and the request is rejected.
#
# NOTE(review): the limit is keyed on the source address only. Clients behind
#   one NAT address share a single budget, and on connectionless traffic the
#   source address is not authenticated, so a blacklist entry can be created
#   for an address that never sent the traffic. Consider an allowlist for
#   critical peers.
# NOTE(review): state is kept per source address (one counter plus one entry
#   per request in the window), so session-table usage grows with the number
#   of distinct sources seen. Monitor table memory under load.
# NOTE(review): if this runs on a UDP virtual server, `reject` presumably
#   answers with an ICMP error toward the claimed source. Confirm, and
#   consider whether `drop` is the better response to over-limit traffic.
when CLIENT_DATA {
    set rl_src [IP::client_addr]

    # Blacklisted sources are refused up front and are not counted again.
    # Blacklist entries use an indefinite timeout with a fixed lifetime, so
    # this lookup should not extend the block.
    if { [table lookup -subtable "blacklist" $rl_src] ne "" } {
        reject
        return
    }

    # Per-source sequence number; it only supplies a unique key for the
    # window entry below. Kept alive for two periods.
    set reqno [table incr "reqs:$rl_src"]
    table timeout "reqs:$rl_src" [expr { $static::period * 2 }]

    # Record this request. The value is unused; the number of live keys in
    # the subtable is the request count for the current window.
    set rl_window "reqrate:$rl_src"
    table set -subtable $rl_window $reqno "ignored" indefinite $static::period

    if { [table keys -count -subtable $rl_window] > $static::maxquery } {
        # `table add` creates the entry only if it does not already exist.
        table add -subtable "blacklist" $rl_src "blocked" indefinite $static::holdtime
        # The message says "QPS", but the threshold checked is
        # static::maxquery requests per static::period seconds.
        log local0. "Allowed QPS exceeded for user ip $rl_src"
        reject
        return
    }
}