Can you throttle traffic/requests by IP or HTTP Header info with ACE?

Unanswered Question
Jun 25th, 2007

I am looking for a way to throttle certain traffic either by source IP or by info I can extract in the HTTP header or URI. I don't want to block this traffic, I just want to throttle it down from say 50 requests/sec to 2 requests/sec or add a delay to the response.


The goal is to not allow certain high volume out of control automated traffic to dominate resources in a web farm. Any ideas?

Gilles Dufour (Cisco Employee) Tue, 06/26/2007 - 04:51

With version 2.0 you will be able to rate-limit traffic based on the criteria you mentioned.

However, the action taken when the traffic exceeds the limit is to drop.

Not dropping would mean to buffer data and send them later with a delay.

This is a risky business. Buffering means more memory needed - more CPU. And what happens during a site attack for hackers?

Definitely, you want to drop.

Applications can recover anyway.


Gilles.
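
The drop-versus-buffer trade-off from the reply above, as an added example that is not part of the original thread and is not ACE configuration or Cisco code: a Python simulation comparing a per-source token bucket that drops excess requests with a per-source pacing queue that delays them. The 50 and 2 requests/sec figures come from the question; the burst size, the client addresses, the function names and the traffic are constructed assumptions.

```python
from collections import deque

LIMIT_RPS = 2  # target rate from the question; the burst size below is an assumption

def constructed_traffic(seconds):
    """Constructed sample: one client at 50 req/s, one at 1 req/s (times in ms)."""
    noisy = [(t, "198.51.100.7") for t in range(0, seconds * 1000, 20)]
    polite = [(t, "198.51.100.8") for t in range(0, seconds * 1000, 1000)]
    return sorted(noisy + polite)

def run_drop(events, rate=LIMIT_RPS, burst=2):
    """Per-source token bucket: excess is dropped, state stays O(1) per source."""
    state, stats = {}, {}
    for now, ip in events:
        # Tokens are kept as integer milli-tokens so the arithmetic is exact.
        tokens, last = state.get(ip, (burst * 1000, now))
        tokens = min(burst * 1000, tokens + (now - last) * rate)
        s = stats.setdefault(ip, {"forwarded": 0, "dropped": 0})
        if tokens >= 1000:
            tokens -= 1000
            s["forwarded"] += 1
        else:
            s["dropped"] += 1
        state[ip] = (tokens, now)
    return stats

def run_delay(events, rate=LIMIT_RPS):
    """Per-source pacing queue: nothing is dropped, excess is held in memory."""
    gap = 1000 // rate  # ms between released requests
    queues, next_free, stats = {}, {}, {}
    for now, ip in events:
        q = queues.setdefault(ip, deque())
        while q and q[0] <= now:  # discard entries that have already been released
            q.popleft()
        release = max(now, next_free.get(ip, now))
        next_free[ip] = release + gap
        if release > now:
            q.append(release)  # request must be buffered until its release time
        s = stats.setdefault(ip, {"peak_queue": 0, "max_delay_ms": 0})
        s["peak_queue"] = max(s["peak_queue"], len(q))
        s["max_delay_ms"] = max(s["max_delay_ms"], release - now)
    return stats

if __name__ == "__main__":
    ev = constructed_traffic(10)
    print("drop :", run_drop(ev))
    print("delay:", run_delay(ev))
```

Over ten seconds the dropping limiter keeps two integers per source, while the delaying one accumulates hundreds of buffered requests for the noisy client and its queueing delay keeps growing for as long as the client keeps sending.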

jdean1 Tue, 06/26/2007 - 13:10

Thanks. Just to be clear on the rate limit criteria:


Will we be able to rate limit based on requests per second, or just bandwidth utilization?


We are concerned with requests/sec. Thanks,


JD

Gilles Dufour (Cisco Employee) Wed, 06/27/2007 - 00:26

Both options will exist.

Connection rate and bandwidth rate.


Gilles.
