每个主机名的AWS WAF速率限制



到目前为止，我们一直只在单个主机名 foo.dev.com（该域名解析到 ALB）上使用速率限制规则：每 5 分钟 300 个请求。

现在我们想把它拆分成多条规则，让不同的主机名（都解析到同一个 ALB）各自拥有不同的限制，例如：

  • aaa-foo.dev.com：每 5 分钟 100 个请求
  • bbb-foo.dev.com：每 5 分钟 200 个请求

aaa 和 bbb 是我们的应用程序所服务的不同客户端。

请给点提示!

以下是我的解决方法：用 ByteMatchStatement 检查 Host 头是否以 '{clientname}' 开头（STARTS_WITH），希望对其他人有帮助。注意：前缀 "clientname" 同样会命中 "clientname2-…" 这类主机名，且 TextTransformations 为 NONE 时比较是区分大小写的，请按需调整：

{
"Name": "foobar-acl",
"DefaultAction": {
"Allow": {}
},
"Description": "",
"Rules": [
{
"Name": "rate-limit-main",
"Priority": 0,
"Statement": {
"RateBasedStatement": {
"Limit": 3000,
"AggregateKeyType": "IP"
}
},
"Action": {
"Block": {
"CustomResponse": {
"ResponseCode": 429,
"CustomResponseBodyKey": "html_responce"
}
}
},
"VisibilityConfig": {
"SampledRequestsEnabled": false,
"CloudWatchMetricsEnabled": false,
"MetricName": "foobar-rate-limit-main"
}
},
{
"Name": "rate-limit-clientname",
"Priority": 1,
"Statement": {
"RateBasedStatement": {
"Limit": 100,
"AggregateKeyType": "IP",
"ScopeDownStatement": {
"ByteMatchStatement": {
"SearchString": "clientname",
"FieldToMatch": {
"SingleHeader": {
"Name": "host"
}
},
"TextTransformations": [
{
"Priority": 1,
"Type": "NONE"
}
],
"PositionalConstraint": "STARTS_WITH"
}
}
}
},
"Action": {
"Block": {
"CustomResponse": {
"ResponseCode": 409,
"CustomResponseBodyKey": "html_responce"
}
}
},
"VisibilityConfig": {
"SampledRequestsEnabled": false,
"CloudWatchMetricsEnabled": true,
"MetricName": "foobar-clientname"
}
},
{
"Name": "rate-limit-clientname2",
"Priority":21,
"Statement": {
"RateBasedStatement": {
"Limit": 100,
"AggregateKeyType": "IP",
"ScopeDownStatement": {
"ByteMatchStatement": {
"SearchString": "clientname2",
"FieldToMatch": {
"SingleHeader": {
"Name": "host"
}
},
"TextTransformations": [
{
"Priority": 2,
"Type": "NONE"
}
],
"PositionalConstraint": "STARTS_WITH"
}
}
}
},
"Action": {
"Block": {
"CustomResponse": {
"ResponseCode": 409,
"CustomResponseBodyKey": "html_responce"
}
}
},
"VisibilityConfig": {
"SampledRequestsEnabled": false,
"CloudWatchMetricsEnabled": true,
"MetricName": "foobar-clientname2"
}
}
],
"VisibilityConfig": {
"SampledRequestsEnabled": false,
"CloudWatchMetricsEnabled": true,
"MetricName": "foobar-acl"
},
"Capacity": 6,
"ManagedByFirewallManager": false,
"CustomResponseBodies": {
"html_responce": {
"ContentType": "TEXT_HTML",
"Content": "<div>You exceeded the maximum number of requests !</div>"
}
}
}
