Rate limit options missing

Discussion in 'Plugins/Modules/Addons' started by Keagan, Apr 22, 2022.

Tags:
  1. Keagan

    Keagan Member

  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    That is a customisation made by schaal-it, there are no settings in ispconfig for that yet. You can configure it from the cli (search the forum for examples).
     
  3. Alex Mamatuik

    Alex Mamatuik New Member

    I use Redis as a Rate Limiter:
    (plenty of tutorials over the internet how to deploy it)

    My case: Centos7 + php 5.6

    Simple setup:
    yum --enablerepo=remi install redis
    systemctl enable redis
    systemctl start redis

    cd /tmp
    wget https://pecl.php.net/get/redis-4.3.0.tgz
    tar xzvf redis-4.3.0.tgz
    phpize
    cd redis-4.3.0/
    phpize
    ./configure
    make
    make test
    make install

    nano /etc/php.d/redis.ini
    systemctl restart httpd php-fpm
    php -m | grep redis

    Redis' configuration:
    {/etc/redis.conf}
    • daemonize yes
    • supervised systemd
    • # save 3600 1
      # save 300 100
      # save 60 10000
    • dir /var/lib/redis
    • maxmemory 1024mb (or 512mb)
    • maxmemory-policy allkeys-lfu
    • appendonly yes

    tail /var/log/redis/redis.log
    | `-._`-._ _.-'_.-' |
    `-._ `-._`-.__.-'_.-' _.-'
    `-._ `-.__.-' _.-'
    `-._ _.-'
    `-.__.-'

    4681:M 28 Feb 19:16:48.584 # Server started, Redis version 3.2.12
    4681:M 28 Feb 19:16:48.584 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
    4681:M 28 Feb 19:16:48.584 * DB loaded from disk: 0.000 seconds
    4681:M 28 Feb 19:16:48.584 * The server is now ready to accept connections on port 6379


    Fixing the warning:
    nano /usr/bin/disable-transparent-hugepage
    #!/bin/bash
    echo never > /sys/kernel/mm/transparent_hugepage/enabled
    exit 0


    chown root:root /usr/bin/disable-transparent-hugepage
    chmod 770 /usr/bin/disable-transparent-hugepage

    nano /etc/systemd/system/disable-transparent-hugepage.service
    [Unit]
    Description=Disable Transparent Huge Pages (THP) for Redis.
    Before=redis.service

    [Service]
    Type=exec
    ExecStart=/usr/bin/disable-transparent-hugepage

    [Install]
    WantedBy=multi-user.target


    systemctl enable disable-transparent-hugepage.service

    Test:
    redis-cli PING
    -> PONG

    index.php
    Then the fragment, which should be added (before execution of any other commands):
    <?php

    $redis = new Redis();
    $redis->connect('127.0.0.1', 6379);
    $redis->auth('REDIS_PASSWORD');

    $max_calls_limit = 10;
    $time_period = 10;
    $total_user_calls = 0;

    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
    $user_ip_address = $_SERVER['HTTP_CLIENT_IP'];
    } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $user_ip_address = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } else {
    $user_ip_address = $_SERVER['REMOTE_ADDR'];
    }

    if (!$redis->exists($user_ip_address)) {
    $redis->set($user_ip_address, 1);
    $redis->expire($user_ip_address, $time_period);
    $total_user_calls = 1;
    } else {
    $redis->INCR($user_ip_address);
    $total_user_calls = $redis->get($user_ip_address);
    if ($total_user_calls > $max_calls_limit) {

    exit();
    }
    }

    ..................
    /** REST OF THE CODE ***/
     

Share This Page