Skip to content

Introduce a cidr list to exclude from connection rate limiting#883

Draft
b1tamara wants to merge 1 commit intocloudfoundry:masterfrom
sap-contributions:natgaway
Draft

Introduce a cidr list to exclude from connection rate limiting#883
b1tamara wants to merge 1 commit intocloudfoundry:masterfrom
sap-contributions:natgaway

Conversation

@b1tamara
Copy link
Contributor

No description provided.

@@ -0,0 +1,25 @@
# generated from cidrs_to_exclude_from_blocking.txt.erb
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest to rename the file to cidrs_to_exclude_from_rate_limiting.txt to show that it is connected to rate limiting.

it 'adds http-request deny condition to http-in and https-in frontends' do
expect(frontend_http).to include('tcp-request connection reject if { sc_conn_rate(0) gt 5 }')
it 'adds tcp-request connection reject condition to http-in and https-in frontends' do
expect(frontend_http).to include('tcp-request connection reject if { sc_conn_rate(0) gt 5 } !cidr_list_to_exclude')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The acl check is missing here as the acl will exist but the file will be empty

expect(frontend_http).to include('acl cidr_list_to_exclude src -f /var/vcap/jobs/haproxy/config/cidrs_to_exclude_from_blocking.txt')

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Development

Successfully merging this pull request may close these issues.

2 participants