Citrix ADC

Examples of rate-based policies

This topic lists some examples of rate-based policies.

Limit the number of requests from a URL

Run the following commands to limit the number of requests per second from a URL:

    add stream selector ipStreamSelector "client.ip.src"
    add ns limitIdentifier ipLimitIdentifier -threshold 4 -timeSlice 1000 -mode request_rate -limitType smooth -selectorName ipStreamSelector
    add responder action myWebSiteRedirectAction redirect "\"http://www.mycompany.com/\""
    add responder policy ipLimitResponderPolicy "http.req.url.contains(\"myasp.asp\") && sys.check_limit(\"ipLimitIdentifier\")" myWebSiteRedirectAction
    bind responder global ipLimitResponderPolicy 100 END -type default

Cache the response for a request URL

Run the following commands to cache a response if the request URL rate exceeds 5 per 20000 milliseconds:

    add stream selector cacheStreamSelector http.req.url
    add ns limitIdentifier cacheRateLimitIdentifier -threshold 5 -timeSlice 2000 -selectorName cacheStreamSelector
    add cache policy cacheRateLimitPolicy -rule "http.req.method.eq(get) && sys.check_limit(\"cacheRateLimitIdentifier\")" -action cache
    bind cache global cacheRateLimitPolicy -priority 10

Run the following commands to drop a connection on the basis of cookies received in requests from www.mycompany.com if the requests exceed the rate limit:

    add stream selector reqCookieStreamSelector "http.req.cookie.value(\"mycookie\")" "client.ip.src.subnet(24)"
    add ns limitIdentifier myLimitIdentifier -Threshold 2 -timeSlice 3000 -selectorName reqCookieStreamSelector
    add responder action sendRedirectUrl redirect '"http://www.mycompany.com" + http.req.url' -bypassSafetyCheck YES
    add responder policy rateLimitCookiePolicy "http.req.url.contains(\"www.yourcompany.com\") && sys.check_limit(\"myLimitIdentifier\")" sendRedirectUrl

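Drop DNS packets from a particular IP address

Run the following command to drop a DNS packet if requests from a particular client IP address and DNS domain exceed the rate limit:

    add dns policy dnsDropOnClientRatePolicy "sys.check_limit(\"dropDNSRateIdentifier\")" -drop yes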

Limit the number of HTTP requests from the same host

Run the following commands to limit the number of HTTP requests that arrive from the same host, with a subnet mask of 32, and that have the same destination IP address:

    add stream selector ipv6_sel "CLIENT.IPv6.src.subnet(32)" CLIENT.IPv6.dst Q.URL
    add ns limitIdentifier ipv6_id -timeSlice 20000 -selectorName ipv6_sel
    add lb vserver ipv6_vip HTTP 3ffe::209 80 -persistenceType NONE -cltTimeout 180
    add responder action redirect_page redirect "\"http://redirectpage.com/\""
    add responder policy ipv6_resp_pol "SYS.CHECK_LIMIT(\"ipv6_id\")" redirect_page
    bind responder global ipv6_resp_pol 5 END -type DEFAULT
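
Each sys.check_limit() call in these policies has to name a limit identifier, and each -selectorName has to name a stream selector; the DNS policy above references dropDNSRateIdentifier, which this page never defines. The Python script below is an added example, not part of the Citrix documentation, that cross-checks those references in a saved configuration. SAMPLE_CONFIG is constructed from commands on this page with the ipv6_sel selector line deliberately left out, and audit_rate_limit_config and its exact-match name comparison are assumptions of this example.

```python
import re

# Constructed sample: commands taken from this page. The DNS policy's limit
# identifier is not defined on the page, and the ipv6_sel selector line is
# deliberately omitted here so that both checks have something to report.
SAMPLE_CONFIG = r'''
add stream selector ipStreamSelector "client.ip.src"
add ns limitIdentifier ipLimitIdentifier -threshold 4 -timeSlice 1000 -mode request_rate -limitType smooth -selectorName ipStreamSelector
add responder policy ipLimitResponderPolicy "http.req.url.contains(\"myasp.asp\") && sys.check_limit(\"ipLimitIdentifier\")" myWebSiteRedirectAction
add dns policy dnsDropOnClientRatePolicy "sys.check_limit(\"dropDNSRateIdentifier\")" -drop yes
add ns limitIdentifier ipv6_id -timeSlice 20000 -selectorName ipv6_sel
add responder policy ipv6_resp_pol "SYS.CHECK_LIMIT(\"ipv6_id\")" redirect_page
'''

SELECTOR_RE = re.compile(r'^add\s+stream\s+selector\s+(\S+)', re.I)
LIMIT_RE = re.compile(r'^add\s+ns\s+limitIdentifier\s+(\S+)(.*)$', re.I)
SELNAME_RE = re.compile(r'-selectorName\s+(\S+)', re.I)
# Matches sys.check_limit("name") with or without the CLI's \" escaping.
CHECK_RE = re.compile(r'sys\.check_limit\(\s*\\?"([^"\\]+)\\?"\s*\)', re.I)

def audit_rate_limit_config(text):
    """Return (undefined_limit_ids, undefined_selectors, unused_limit_ids)."""
    selectors, limits, used = set(), {}, []
    for line in text.splitlines():
        line = line.strip()
        if m := SELECTOR_RE.match(line):
            selectors.add(m.group(1))
        elif m := LIMIT_RE.match(line):
            sel = SELNAME_RE.search(m.group(2))
            limits[m.group(1)] = sel.group(1) if sel else None
        else:
            used += CHECK_RE.findall(line)  # policy rules that test a limit
    # Names are compared exactly as written (an assumption of this example).
    undefined_ids = sorted({u for u in used if u not in limits})
    undefined_sel = sorted({s for s in limits.values()
                            if s and s not in selectors})
    unused_ids = sorted(set(limits) - set(used))
    return undefined_ids, undefined_sel, unused_ids

if __name__ == "__main__":
    ids, sels, unused = audit_rate_limit_config(SAMPLE_CONFIG)
    print("policies referencing undefined limit identifiers:", ids)
    print("limit identifiers referencing undefined selectors:", sels)
    print("limit identifiers that no policy checks:", unused)
```

A limit identifier reported as unused is worth the same attention as an undefined one: the rate limit exists but no policy enforces it.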