web server config (modsecurity)
Honghan Wu edited this page Dec 22, 2016 · 1 revision
ModSecurity is used to rate-limit job creation on our web server. The configuration on the Apache server is as follows.
<LocationMatch "^/napeasy/api/path">
    # Apache does not allow trailing comments after a directive, so each comment sits on its own line.

    # set the job worker api call to working node IP (change 1.1.1.1 accordingly)
    SecRule ARGS:r "@streq retrieveAJob" "id:40001,chain,phase:2,deny,log,msg:'invalid napeasy job retrieval detected'"
        SecRule REMOTE_ADDR "!@ipMatch 1.1.1.1"

    # load the per-IP persistent collection
    SecAction id:40010,initcol:ip=%{REMOTE_ADDR},pass,nolog

    # up to 5 jobs in 10 mins per IP
    SecAction "id:40011,phase:5,deprecatevar:ip.jobcounter=5/600,pass,nolog"

    # a rule chain to send HTTP403 when abused
    SecRule IP:jobcounter "@gt 5" "chain,id:40002,phase:2,deny,status:403,nolog"
        SecRule ARGS:r "@streq createHTJob"

    # increase counter
    SecRule ARGS:r "@streq createHTJob" "id:40003,phase:2,pass,setvar:ip.jobcounter=+1,nolog"
</LocationMatch>
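
An added example (not part of the original wiki page or of ModSecurity): a simplified Python model of the phase-2 rule order above, showing which requests in a burst get a 403 and how `@gt 5` compares with `@ge 5`. It assumes all requests arrive at the same instant, so the `deprecatevar` decay is not modelled; the function names and the client address 203.0.113.7 are constructed for illustration.

```python
# Simplified model of rules 40001, 40010, 40002 and 40003 (added example).
WORKER_IP = "1.1.1.1"  # placeholder worker address taken from the page's config


def handle(counters, ip, r, op="gt", limit=5):
    """Return the HTTP status for one request and update the per-IP counter."""
    # Rule 40001: retrieveAJob is refused unless it comes from the worker node.
    if r == "retrieveAJob" and ip != WORKER_IP:
        return 403
    if r == "createHTJob":
        count = counters.get(ip, 0)  # 40010: initcol loads the per-IP record
        over = count > limit if op == "gt" else count >= limit
        if over:
            # 40002: the chain denies here, so 40003 never increments.
            return 403
        counters[ip] = count + 1  # 40003: setvar:ip.jobcounter=+1
    return 200


def burst(n, op="gt", limit=5, ip="203.0.113.7"):
    """Statuses for n createHTJob calls from one client (constructed input)."""
    counters = {}
    return [handle(counters, ip, "createHTJob", op, limit) for _ in range(n)]


def accepted(n, op="gt", limit=5):
    """Number of jobs that get through in a burst of n requests."""
    return burst(n, op, limit).count(200)


if __name__ == "__main__":
    print("@gt 5:", burst(8), "accepted:", accepted(8))
    print("@ge 5:", burst(8, op="ge"), "accepted:", accepted(8, op="ge"))
    print("retrieveAJob from a client:", handle({}, "203.0.113.7", "retrieveAJob"))
    print("retrieveAJob from the worker:", handle({}, WORKER_IP, "retrieveAJob"))
```

Because the counter is checked before it is incremented, `@gt 5` lets a sixth job through in a burst, while `@ge 5` caps the burst at five.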