Rate limit requests
How do you ensure that your application is not bombarded with requests from the same bots / visitors.
It is very common that your application is bombarded with requests from the same IP address. Because your php-fpm processes will quickly run out, regular visits are not possible anymore.
By simply limiting the number of PHP requests per IP, you'll solve many of these problems. You can set the rate limiting with the hipex command exactly how you’d like!
With rate limiting, you limit the number of requests per minute from one IP. Next to the initial request, many pages contain additional ajax requests. Those requests will come in as a burst.
With the rate limit command, you can limit how many requests per path prefix, full request path or regex are allowed per minute and how many come in as bursts.
The limitations will be saved in the domain configuration folder in these files:
To limit the number of PHP requests to 5 per minute, you can use the following command:
hipex security:ratelimit 5
The visitor can execute 1 request every 12 seconds that'll end up in PHP. Add a burst to it and the visitor is allowed to make 1 request per 12 seconds, or 5 at the same time and then a block for 1 minute
hipex security:ratelimit 5 --burst=5
To block the request on the admin for 1 per minute, add the path for the admin part
hipex security:ratelimit 1 /<management>/admin/index/index
Or just for the skin & media so that the visitor can quickly download all static content.
hipex security:ratelimit 1000 /media
All paths will be seen as prefix by default, however it is also possible to specify paths as a regex:
hipex security:ratelimit 1000 '/(media|skin)' --path-type=regex
Or as an absolute path:
hipex security:ratelimit 1000 /checkout/cart/add --path-type=exact
If you want to see which limitations are active, you can run the command without arguments.
hipex security:ratelimit +-----------+-----------+-----------+-------+ | Path | Path Type | Frequency | Burst | +-----------+-----------+-----------+-------+ | php | prefix | 1r/m | 20 | | /somepath | prefix | 1r/m | 2 | +-----------+-----------+-----------+-------+
You can remove a line with the option
hipex security:ratelimit 2 /somepath --remove
Of course, the option
--help is implemented, so you can view all options and possibilities of the command:
hipex security:ratelimit --help