{"id":17845,"date":"2023-07-21T16:13:10","date_gmt":"2023-07-21T16:13:10","guid":{"rendered":"https:\/\/webhostinggeeks.com\/howto\/?p=17845"},"modified":"2023-07-20T09:15:23","modified_gmt":"2023-07-20T09:15:23","slug":"how-to-setup-rate-limiting-with-haproxy","status":"publish","type":"post","link":"https:\/\/webhostinggeeks.com\/howto\/how-to-setup-rate-limiting-with-haproxy\/","title":{"rendered":"How to Setup Rate Limiting with HAProxy"},"content":{"rendered":"

\"How<\/p>\n

As a server administrator or webmaster, you may have encountered situations where your server resources are being excessively consumed by certain users or IP addresses. This could be due to a variety of reasons, such as a user running a script that makes too many requests, or even a malicious attempt to overwhelm your web server<\/a>. In such scenarios, rate limiting can be a lifesaver.<\/p>\n

Rate limiting is a technique for limiting network traffic. It sets a limit on how many requests a client can make to a server in a specified amount of time. HAProxy<\/a>, a popular open-source proxy software<\/a> that provides high availability, load balancing<\/a>, and proxy for TCP and HTTP-based applications, has built-in support for rate limiting.<\/p>\n

In this tutorial, we will guide you through the process of setting up rate limiting with HAProxy on your server, whether it’s a dedicated<\/a>, VPS<\/a>, or cloud<\/a> machine. This will help you to protect your server resources, ensure fair usage, and maintain the quality of service for all users.<\/p>\n

Let’s get started!<\/p>\n

Step 1: Installing HAProxy<\/h2>\n

The first step is to install HAProxy on your server. Depending on your server’s operating system, the installation command may vary. For Debian-based systems like Ubuntu, you can use the following command:<\/p>\n

\r\nsudo apt-get update\r\nsudo apt-get install haproxy\r\n<\/pre>\n
For Red Hat-based systems like CentOS, you can use:<\/p>\n
\r\nsudo yum update\r\nsudo yum install haproxy\r\n<\/pre>\n
After running these commands, HAProxy should be installed on your server.<\/p>\n
Step 2: Configuring HAProxy for Rate Limiting<\/h2>\n
Once HAProxy is installed, the next step is to configure it for rate limiting. This involves editing the HAProxy configuration file, which is typically located at \/etc\/haproxy\/haproxy.cfg.<\/p>\n
Open the configuration file in a text editor:<\/p>\n
\r\nsudo nano \/etc\/haproxy\/haproxy.cfg\r\n<\/pre>\n
In the configuration file, you will need to define a frontend that listens for incoming connections, a backend that forwards the connections to your web server, and the rate limiting rules.<\/p>\n
Here is an example of how to set up rate limiting to allow a maximum of 10 HTTP requests per minute from a single IP address:<\/p>\n
\r\nfrontend http_front\r\n    bind *:80\r\n    stick-table type ip size 200k expire 1m store http_req_rate(60s)\r\n    tcp-request connection track-sc1 src\r\n    tcp-request connection reject if { src_get_gpc0(http_front) gt 10 }\r\n\r\nbackend http_back\r\n    server web1 192.168.1.2:80\r\n<\/pre>\n
In this configuration, the stick-table directive creates a table to track the rate of HTTP requests from each IP address. The tcp-request connection track-sc1 src directive tells HAProxy to track the source IP address of each connection. The tcp-request connection reject if { src_get_gpc0(http_front) gt 10 } directive tells HAProxy to reject any new connections if the IP address has made more than 10 requests in the past minute.<\/p>\n
After editing the configuration file, save and close it.<\/p>\n
Step 3: Restarting HAProxy<\/h2>\n
After making changes to the HAProxy configuration file, you need to restart HAProxy for the changes to take effect. You can do this with the following command:<\/p>\n
\r\nsudo systemctl restart haproxy\r\n<\/pre>\n
Now, HAProxy should be enforcing the rate limiting rules you defined.<\/p>\n
Step 4: Verifying the Setup<\/h2>\n
To verify that rate limiting is working, you can try making more than 10 requests to your server from the same IP address within a minute. If rate limiting is working correctly, HAProxy should reject the excess requests.<\/p>\n
You can also check the HAProxy logs for entries indicating that connections have been rejected due to rate limiting. The logs are typically located at \/var\/log\/haproxy.log.<\/p>\n
\r\nsudo tail \/var\/log\/haproxy.log\r\n<\/pre>\n
Look for log entries with the message “Connection rejected due to rate limiting”. This indicates that rate limiting is working as expected.<\/p>\n
Step 5: Monitoring Rate Limiting<\/h2>\n
Monitoring is a crucial aspect of maintaining a healthy server environment. With HAProxy, you can monitor the rate limiting in real-time using the built-in statistics page. This page provides a wealth of information about the current state of your HAProxy instance, including the number of connections, the rate of connections, and more.<\/p>\n
To enable the statistics page, you need to add a “listen” section to your HAProxy configuration file:<\/p>\n
\r\nlisten stats\r\n    bind *:8080\r\n    stats enable\r\n    stats uri \/stats\r\n    stats refresh 30s\r\n<\/pre>\n
In this configuration, HAProxy will serve the statistics page on port 8080, at the \/stats URL. The page will be refreshed every 30 seconds.<\/p>\n
After adding this configuration, save the file and restart HAProxy:<\/p>\n
\r\nsudo systemctl restart haproxy\r\n<\/pre>\n
You can now access the statistics page by navigating to http:\/\/your_server_ip:8080\/stats in your web browser.<\/p>\n
Step 6: Fine-Tuning Rate Limiting<\/h2>\n
The rate limiting configuration provided in this tutorial is a basic one, allowing a maximum of 10 HTTP requests per minute from a single IP address. Depending on your server’s capacity and your specific needs, you may need to adjust these numbers.<\/p>\n
For example, if your server is powerful and you’re not experiencing any issues with excessive requests, you might want to increase the limit. On the other hand, if your server is struggling to handle the current load, you might need to decrease the limit.<\/p>\n
To adjust the rate limit, simply change the number in the following line of the HAProxy configuration:<\/p>\n
\r\ntcp-request connection reject if { src_get_gpc0(http_front) gt 10 }\r\n<\/pre>\n
Replace “10” with the desired maximum number of requests per minute.<\/p>\n
Remember to restart HAProxy after making any changes to the configuration:<\/p>\n
\r\nsudo systemctl restart haproxy\r\n<\/pre>\n
Commands Mentioned:<\/h2>\n