Forum Discussion

Nimbostratus

Jun 24, 2013

Session Filter

Hi All, Jumping in here at the deep end and completely lost as to where to start looking! Any help most appreciated! Have been asked to evaluate the possibility of using (already dep...

Nimbostratus

Jun 25, 2013

Been going through all the tech notes etc and wonder would this be a valid approach?

Thanks

Matt


when RULE_INIT {
  set static::windowSecs 5
}
 setting 5 second timer from receiving first request from client. Any additional request during this time period should be refused
when HTTP_REQUEST {
  if { [HTTP::method] eq "POST" } {
    if { ! [HTTP::header exists Authorization] } {
      HTTP::respond 429 content "Rejected due to large volume of duplicate requests from same client"
      return
    }
 Here I am rejecting any of the duplicate requests if that unique ID is found in the table.
set myUserID [getfield [b64decode [substr [HTTP::header "Authorization"] 6 end]] ":" 1]
    set myMaxRate [findclass $myUserID $::MaxPOSTRates "1"]
    if { $myMaxRate ne "" } {
      set reqnum [table incr "req:$myUserId"]
      set tbl "countpost:$myUserId"
      table set -subtable $tbl $reqnum "ignored" indef $static::windowSecs
      if { [table keys -subtable $tbl -count] > $myMaxRate } {
        HTTP::respond 303 Location http://server.to.post.to/
        return
      }
    }
  }
}
Setting MaxPOSTRate as a variable in case I need to add different scenarios for different providers

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)