NAME
vmod_vsthrottle - Throttling VMOD

SYNOPSIS
import vsthrottle [from "path"] ;

DESCRIPTION
A Varnish vmod for rate-limiting traffic on a single Varnish server. Offers a simple interface for throttling traffic on a per-key basis to a specific request rate.

Keys can be specified from any VCL string, e.g. based on client.ip, a specific cookie value, an API token, etc.

The request rate is specified as the number of requests permitted over a period. To keep things simple, this is passed as two separate parameters, 'limit' and 'period'.

This VMOD implements a token bucket algorithm. State associated with the token bucket for each key is stored in-memory using BSD's red-black tree implementation.

Memory usage is around 100 bytes per key tracked.

Example:

    vcl 4.0;
    import vsthrottle;

    backend default { .host = "192.0.2.11"; .port = "8080"; }

    sub vcl_recv {
        # Varnish will set client.identity for you based on client IP.
        if (vsthrottle.is_denied(client.identity, 15, 10s)) {
            # Client has exceeded 15 reqs per 10s
            return (synth(429, "Too Many Requests"));
        }

        # There is a quota per API key that must be fulfilled.
        if (vsthrottle.is_denied("apikey:" + req.http.Key, 30, 60s)) {
            return (synth(429, "Too Many Requests"));
        }

        # Only allow a few POST/PUTs per client.
        if (req.method == "POST" || req.method == "PUT") {
            if (vsthrottle.is_denied("rw" + client.identity, 2, 10s)) {
                return (synth(429, "Too Many Requests"));
            }
        }
    }

CONTENTS
BOOL is_denied(STRING, INT, DURATION)
Arguments:
    sub vcl_recv {
        if (vsthrottle.is_denied(client.identity, 15, 10s)) {
            # Client has exceeded 15 reqs per 10s
            return (synth(429, "Too Many Requests"));
        }
        # ...
    }

INT remaining(STRING, INT, DURATION)
Description
Get the current number of tokens for a given token bucket. This can be used to create a response header to inform clients of their current quota.

    sub vcl_deliver {
        set resp.http.X-RateLimit-Remaining = vsthrottle.remaining(client.identity, 15, 10s);
    }
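
The per-key token bucket described under DESCRIPTION, as a small Python model added here for illustration (it is not the VMOD's C source). The Throttle class, the replay helper, the linear refill rule and the sample client address are assumptions; the point is that an idle key can burst up to 'limit' requests at once and then earns tokens back at limit/period per second.

```python
import time


class Throttle:
    """Per-key token buckets: at most `limit` requests per `period` seconds."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._buckets = {}  # key -> [tokens, time of last refill]

    def _refill(self, key, limit, period):
        now = self._clock()
        bucket = self._buckets.setdefault(key, [float(limit), now])
        # Assumed refill rule: tokens accrue at limit/period per second,
        # capped at `limit`, so an idle key can burst up to `limit` requests.
        bucket[0] = min(float(limit), bucket[0] + (now - bucket[1]) * limit / period)
        bucket[1] = now
        return bucket

    def is_denied(self, key, limit, period):
        bucket = self._refill(key, limit, period)
        if bucket[0] >= 1.0:
            bucket[0] -= 1.0  # spend one token for this request
            return False
        return True  # denied requests do not consume tokens

    def remaining(self, key, limit, period):
        return int(self._refill(key, limit, period)[0])


def replay(events, limit, period):
    """Replay constructed (timestamp, key) events; return the denied flags."""
    now = [0.0]
    throttle = Throttle(clock=lambda: now[0])
    denied = []
    for ts, key in events:
        now[0] = ts
        denied.append(throttle.is_denied(key, limit, period))
    return denied


if __name__ == "__main__":
    # Constructed traffic: 17 requests from one client at t=0, 4 more at t=2s.
    events = [(0.0, "203.0.113.7")] * 17 + [(2.0, "203.0.113.7")] * 4
    print(replay(events, 15, 10))
```

With the 15-per-10s limit from the VCL example, the first 15 requests pass, the next two are denied, and two seconds later only three more tokens are available.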