[prev in list] [next in list] [prev in thread] [next in thread] 

List:       mod-security-users
Subject:    Re: [mod-security-users] Rate Limiting Apache: Units associated with "burst_rate_limit" ?
From:       Andrew Howe <andrew.howe () loadbalancer ! org>
Date:       2022-03-13 14:34:03
Message-ID: CADi1syCrymnMQ6oj6WJbmexBXFknaVJBqK_ES1=juhMO50a0sQ () mail ! gmail ! com
[Download RAW message or body]

Hi Patrick,

> Upstream we actually have a pool of Citrix Netscalers – but when we tried making \
> use of the Citrix recommended DoS features, we found that we ended up hitting up \
> many false positives (just due to the legitimate "background noise" that individual \
> users generated). Perhaps there is a way for the Netscalers to handle URL based \
> rules (with counters), but the Netscalers seem to be more focused on protection \
> against massive DoS style events.

The Netscalers will 100% support the logic to filter out a subset of
requests by URL (probably using a regular expression) and apply a rate
limit only to those.

Alternatively, you could try filtering out the requests in question
and sending them to a separate virtual service: one with a low
"maximum connections" limit to force connections to queue if there's a
sudden spike in traffic.

Not sure what the exact Citrix terminology would be or which buttons
you'd need to press (I work for a competing vendor ;) ), but I'd be
surprised if those scenarios aren't supported.

Thanks,
Andrew

-- 

Andrew Howe
Loadbalancer.org Ltd.
www.loadbalancer.org
+1 888 867 9504 / +44 (0)330 380 1064


_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/


[prev in list] [next in list] [prev in thread] [next in thread]