Re: RGW rate-limiting or anti-hammering for (external) auth requests // Anti-DoS measures

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Hey Istvan,

On 10.01.24 03:27, Szabo, Istvan (Agoda) wrote:
I'm using in the frontend https config on haproxy like this, it works so far good:

stick-table type ip size 1m expire 10s store http_req_rate(10s)

tcp-request inspect-delay 10s
tcp-request content track-sc0 src
http-request deny deny_status 429 if { sc_http_req_rate(0) gt 10000 }

But this serves as a basic rate limit for all request coming from a single IP address, right?

My question was rather about limiting clients in regards to authentication requests / unauthorized requests,
which end up hammering the auth system (Keystone in my case) at full rate.


ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx

[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]

  Powered by Linux