[prev in list] [next in list] [prev in thread] [next in thread]
List: mod-security-users
Subject: Re: [mod-security-users] Rate Limiting Apache: Units associated with "burst_rate_limit" ?
From: Andrew Howe <andrew.howe () loadbalancer ! org>
Date: 2022-03-13 14:34:03
Message-ID: CADi1syCrymnMQ6oj6WJbmexBXFknaVJBqK_ES1=juhMO50a0sQ () mail ! gmail ! com
[Download RAW message or body]
Hi Patrick,
> Upstream we actually have a pool of Citrix Netscalers – but when we tried making \
> use of the Citrix recommended DoS features, we found that we ended up hitting up \
> many false positives (just due to the legitimate "background noise" that individual \
> users generated). Perhaps there is a way for the Netscalers to handle URL based \
> rules (with counters), but the Netscalers seem to be more focused on protection \
> against massive DoS style events.
The Netscalers will 100% support the logic to filter out a subset of
requests by URL (probably using a regular expression) and apply a rate
limit only to those.
Alternatively, you could try filtering out the requests in question
and sending them to a separate virtual service: one with a low
"maximum connections" limit to force connections to queue if there's a
sudden spike in traffic.
Not sure what the exact Citrix terminology would be or which buttons
you'd need to press (I work for a competing vendor ;) ), but I'd be
surprised if those scenarios aren't supported.
Thanks,
Andrew
--
Andrew Howe
Loadbalancer.org Ltd.
www.loadbalancer.org
+1 888 867 9504 / +44 (0)330 380 1064
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic