Tuesday 29 June 2010

ZEUS ZXTM - Rate Limiting requests



Zeus Traffic Manager is a fantastic load balancer and provides a number of tools to manage your network and web-enabled applications.
I have been using its TrafficScript language for a number of years now, and it provides a powerful way to control your network traffic.

One such benefit is rate shaping, which can be triggered by any HTTP header information you wish. It could be by User-Agent, cookie or URL. Below is an example of how I rate limit users hitting specific URLs which can put excess load on the servers if abused.

Firstly, you need to create a "Rate Class" on the ZXTM appliance. In this case I have limited requests to 20 over a 60-second period.




Now you need to create a TrafficScript rule and assign it to the ZXTM Virtual Server.



# Look for a cookie. If the user's cookie contains their session ID, we use
# that to identify the user. This is because traffic may come from behind a
# proxy or office IP, which would cause the rate limit to treat all of those
# requests as one user.
$userid = http.getCookie( "_session_id" );

# Get the URL from the request so we can apply the rate limit only to the
# URLs we want.
$url = http.getRawURL();

# If there is no cookie, use the IP. Either the browser has cookies disabled
# or, in 99% of cases, it's a crawler.
if( $userid == "" ) { $userid = request.getRemoteIP(); }

# Now apply the rate shaping if the URL starts with "/search" or "/login".
# "limit" must match the name of the rate class created above.
if( string.regexmatch( $url, "^/search" )
    || string.regexmatch( $url, "^/login" ) ) {
   rate.use( "limit", $userid );
}

The result will prevent any denial of service and smooth out normal traffic to ensure all users get a good response.
You can then apply different rate classes to different requests as needed. For example you could rate limit based on user-agent.
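
The following is an added example, not part of the original rule: it applies a different rate class to each URL prefix, keeps a looser per-IP ceiling because the session cookie is supplied by the client, and answers with a 503 once a user's queue grows instead of letting rate.use() hold ever more connections. The rate class names "login-limit", "search-limit" and "per-ip-ceiling" and the backlog threshold of 5 are assumptions; create the classes on the appliance first.

```trafficscript
# Added example. Assumed rate classes (not from the original post):
#   login-limit     strict, for /login
#   search-limit    for /search
#   per-ip-ceiling  looser, sized so a shared office or proxy IP still fits

$path = http.getPath();
$ip   = request.getRemoteIP();

# Pick the rate class from the URL prefix; other URLs are not limited.
$class = "";
if( string.startsWith( $path, "/login" ) ) {
   $class = "login-limit";
} else if( string.startsWith( $path, "/search" ) ) {
   $class = "search-limit";
}

if( $class != "" ) {
   # Same identity choice as the rule above: session cookie, else source IP.
   $key = http.getCookie( "_session_id" );
   if( $key == "" ) { $key = $ip; }

   # rate.use() queues requests that exceed the class rate. If this user
   # already has several requests waiting, refuse the new one so queued
   # connections do not pile up on the traffic manager.
   if( rate.getBacklog( $class, $key ) > 5 ) {
      http.sendResponse( "503 Service Unavailable", "text/plain",
                         "Too many requests, please retry shortly.\n",
                         "Retry-After: 10" );
   }

   # The cookie value comes from the client, so requests are also counted
   # against the source IP. This bounds clients that send no cookie or a
   # different cookie on every request.
   rate.use( "per-ip-ceiling", $ip );

   # Per-user limit for the selected URL group.
   rate.use( $class, $key );
}
```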

