author: metamuffin <metamuffin@disroot.org> 2025-03-30 20:57:55 +0200
committer: metamuffin <metamuffin@disroot.org> 2025-03-30 20:57:55 +0200
commit: 939091713a21ac6e508ef365f8ee9f258f6d50f8
tree: db2872a07ab5087389a395e351a5a5ea5bd2267f /readme.md
parent: 6c40b37bfa89e7b6839d7bc2f730be53e637fdd8
ratelimit module
Diffstat (limited to 'readme.md')
-rw-r--r-- readme.md 22
1 files changed, 22 insertions, 0 deletions
diff --git a/readme.md b/readme.md
index 522e269..c8ed4e5 100644
--- a/readme.md
+++ b/readme.md
@@ -267,6 +267,28 @@ themselves; in that case the request is passed on.
before the frame that exceeds this limit. Therefore the body is up to one
frame size smaller than allowed.
+- **module `ratelimit`**
+ - Limits the rate at which requests can be processed. For this every identity
+ (see below) has a request counter. The counter is reset after a fixed time
+ delay.
+ - `reference_duration`: Duration in seconds after which request the counter
+ are reset.
+ - `identity`: Requests are counted per identity. Default is source address.
+ - `!global`: Use a central counter
+ - `!source_address`: Count per source ip address
+ - `!source_address_trunc`: Same but truncate them before. Requires keys `v4`
+ and `v6` which control how many trailing bits are discarded respectively.
+ - `!path`: Count per path (excluding query)
+ - `!path_query`: Count per path (including query)
+ - `max_identities`: Always rejects requests if there are already more than
+ this many identites tracked.
+ - `thresholds`: A list of `[threshold, mode]` pairs that are checked and
+ conditionally executed in order.
+ - `!too_many_requests`: Responds with a empty request with 429 status code
+ and `Retry-After` header set. Later thresholds are not checked.
+ - `!exec <path>`: Invokes a script like CGI would but expects no output.
+ - `next`: Inner handler. (module)
+
- **module `debug`**
- Replies with information about the request to debug. Includes source
address, HTTP version, method, URI and headers.
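Review bot: the `max_identities` entry ("Always rejects requests if there are already more than this many identites tracked") leaves the failure mode undefined, and with `!path` or `!path_query` as identity the tracked keys are chosen by the client, so a client varying the query string can reach the cap on its own. Please document whether the rejection applies to every request or only to requests from identities not yet tracked, which status code is returned, and when tracked identities are dropped (the text only says the counter is reset after `reference_duration`). It would also help to state the default values or valid ranges for the `v4` and `v6` keys of `!source_address_trunc`, and for `!exec <path>` what request information the script receives and whether the request still continues to `next` afterwards, since only `!too_many_requests` says that later thresholds are not checked. Wording: "after which request the counter are reset" should read "after which the request counters are reset", "identites" is misspelled, and "a empty request with 429 status code" presumably means "an empty response".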