Questions tagged [rate-limiting]

In computer networks, rate limiting is used to control the rate of traffic sent or received on a network interface.

Traffic that is less than or equal to the specified rate is sent, whereas traffic that exceeds the rate is dropped or delayed. Rate limiting is performed by policing (discarding excess packets), queuing (delaying packets in transit) or congestion control (manipulating the protocol’s congestion mechanism). Policing and queuing can be applied to any network protocol. Congestion control can only be applied to protocols with congestion control mechanisms, such as the transmission control protocol (TCP).

240 questions
36 votes, 2 answers

How to rate-limit in nginx, but including/excluding certain IP addresses?

I'm able to use limit_req to rate-limit all requests to my server. However, I'd like to remove the rate restriction for certain IP addresses (i.e. whitelist) and use a different rate restriction for certain others (i.e. certain IPs I'd like as low as…
Jason Cohen
31 votes, 1 answer

NGINX - throttle requests to prevent abuse

The reason I want to do this is because users develop against our API with JavaScript, and some developers screw up and cause visitors to slam the server with AJAX requests. When this happens, I want to be able to throttle the API requests to…
orokusaki
29 votes, 4 answers

Rate limiting with UFW: setting limits

UFW's man page mentions that it can set up iptables rate limiting for me: ufw supports connection rate limiting, which is useful for protecting against brute-force login attacks. ufw will deny connections if an IP address has…
Tom
28 votes, 2 answers

nginx rate limiting with X-Forwarded-For header

I'm looking into rate-limiting using nginx's HttpLimitReqModule. However, requests are all coming from the same IP (a load balancer), with the real IP address in the headers. Is there a way to have nginx rate-limit based on the IP in the…
John Brodie
18 votes, 6 answers

What's the meaning of defining "burst" with "nodelay" option?

In the Nginx configuration, when you want to limit the request processing rate by using the limit_req_zone / limit_req instructions, I don't really understand the use of the nodelay option. In my understanding, it terminates the requests above the…
Nicolas
15 votes, 2 answers

rsync ionice destination

To prevent rsync from starving the system and network, we use ionice when starting rsync and set the --bwlimit parameter. For example: ionice -c2 -n7 rsync -aH --bwlimit=30000 /foo root@dest.com:/ This does indeed help to ensure the source server remains…
Jason Smith
14 votes, 7 answers

Postfix throttling for outgoing messages

I need Postfix to send outgoing messages (from local PHP) with a certain rate. Say, one message in 120 seconds. Any messages exceeding this rate should be queued (delayed) and delivered later. Policyd is not what I'm looking for. I don't need…
Sergey Kovalev
12 votes, 5 answers

Nginx - What does the nodelay option do when limiting requests?

With the nginx HttpLimitReq module requests can be limited by IP. However, I'm not understanding what the "nodelay" option does. If the excess requests within the limit burst delay are not necessary, you should use the nodelay limit_req …
Xeoncross
10 votes, 3 answers

Should I rate-limit packets with iptables?

I'm using iptables on Ubuntu Server. It's a web server on a VPS. I'd like to know if I should rate-limit packets. If so, what should I rate-limit? And should I do so globally or per IP address? Reference I saw people suggesting this: # Limit…
ML--
9 votes, 2 answers

Using trickle to slow down browser

According to trickle's man page, http://linux.die.net/man/1/trickle, I can limit the download speed of a process, e.g. trickle -u 10 -d 20 ncftp to Launch ncftp(1) limiting its upload capacity to 10 KB/s, and download capacity at 20 KB/s. How would I…
tester
8 votes, 1 answer

Nginx $http_x_forwarded_for not always being set

I've noticed in our access logs that sometimes, the $http_x_forwarded_for variable has not been set, and instead, the correct IP is the one set to $remote_addr. Is it possible to set $http_x_forwarded_for as $remote_addr, when it doesn't otherwise…
SteveEdson
7 votes, 2 answers

Blocking IPs in HAProxy

A client's website is currently under attack, and I've been called in to fix it. A huge number of IPs (easily over 5,000) is constantly hitting /login, presumably trying to brute-force their way in. I've changed the site so the page returns a 500…
Grim...
7 votes, 4 answers

Is there a way to rate limit connection attempts with firewalld?

On our CentOS 6 servers, I've used information from this article to reduce the brute force ssh attempts on our servers, specifically the rate limiting / logging section. Is there a way to do the same thing using firewalld in CentOS 7? I'd prefer to…
palehorse
7 votes, 2 answers

Can I throttle tar without ionice?

My tar command tar --remove-files -cvif 2011-08-02_14-05-09.tar 2011-08-02_14-05-09 writes 80MB/s. That's beyond the capacity we can spare because MySQL starts queuing up writes and eventually we get monitoring alerts because systems won't wait…
kvz
6 votes, 1 answer

HAProxy rate limiting - ban abuser for 30 minutes

I have the following config that works OK for rate limiting connections. If an abuser is authenticated and he also accesses the defined regex location more than 30 times per minute, rate limiting is initiated and he is forwarded to the…
Tony