ADC

基于费率的策略示例

本主题列出了基于费率的策略的一些示例。

限制来自 URL 的请求数量

运行以下命令以限制每秒来自 URL 的请求数:

add stream selector ipStreamSelector http.req.url "client.ip.src" add ns limitIdentifier ipLimitIdentifier -threshold 4 -timeSlice 1000 -mode request_rate -limitType smooth -selectorName ipStreamSelector

add responder action myWebSiteRedirectAction redirect ""http: //www.mycompany .com/""

add responder policy ipLimitResponderPolicy "http.req-url.contains("myasp.asp") && sys.check_limit("ipLimitIdentifier")" myWebSiteRedirectaction

bind responder global ipLimitResponderPolicy 100 END -type default
<!--NeedCopy-->

缓存请求 URL 的响应

如果请求 URL 速率超过每 20000 毫秒 5 个,则运行以下命令缓存响应:

add stream selector cacheStreamSelector http.req.url add ns limitidentifier cacheRateLimitIdentifier -threshold 5 -timeSlice 2000 -selectorName cacheStreamSelector

add cache policy cacheRateLimitPolicy -rule "http req.method.eq(get) && sys.check_limit "cacheRateLimitIdentifier")" -action cache

bind cache global cacheRateLimitPolicy -priority 10
<!--NeedCopy-->

如果请求超过速率限制,则运行以下命令,以根据来自 www.mycompany.com 的请求中收到的 cookie 断开连接:

add stream selector reqCookieStreamSelector "http req.cookie «value("mycookie")" "client.ip.src.subnet(24)"

add ns limitIdentifier myLimitIdentifier -Threshold 2 -timeSlice 3000 -selectorName reqCookieStreamSelector

add responder action sendRedirectUrl redirect '"http://www.mycompany.com" + http.req.url' -bypassSafetyCheck YES

add responder policy rateLimitCookiePolicy "http. req.url.contains("www.yourcompany.com") && sys check_limit("myLimitIdentifier")" sendRedirectUrl
<!--NeedCopy-->

丢弃来自特定 IP 地址的 DNS 数据包

如果来自特定客户端 IP 地址和 DNS 域的请求超过速率限制,请运行以下命令丢弃 DNS 数据包:

add stream selector dropDNSStreamSelector client udp.dns.domain client.ip.src
add ns limitIdentifier dropDNSRateIdentifier -timeslice 20000 -mode request_rate -selectorName dropDNSStreamSelector -maxBandwidth 1 -trapsintimeslice 20

add dns policy dnsDropOnClientRatePolicy "sys check_limit ("dropDNSRateIdentifier")" -drop yes
<!--NeedCopy-->

限制来自同一主机的 HTTP 请求数量

运行以下命令以限制来自同一主机、子网掩码为 32 且目标 IP 地址相同的 HTTP 请求的数量:

add stream selector ipv6_sel "CLIENT.IPv6.src.subne (32)" CLIENT.IPv6.dst Q.URL
add ns limitIdentifier ipvé_id -imeSlice 20000 -selectorName ipvé_sel
add lb vserver ipv6é_vip HTTP 3ffe::209 80 -persistenceType NONE -cltTimeout 180
add responder action redirect_page redirect ""http://redirectpage.com/""
add responder policy ipvé_resp_pol "SYS.CHECK_LIMIT("ipv6_id")" redirect_page
bind responder global ipv6_resp_pol 5 END -type DEFAULT
<!--NeedCopy-->
基于费率的策略示例