From 939091713a21ac6e508ef365f8ee9f258f6d50f8 Mon Sep 17 00:00:00 2001 From: metamuffin Date: Sun, 30 Mar 2025 20:57:55 +0200 Subject: ratelimit module --- readme.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'readme.md') diff --git a/readme.md b/readme.md index 522e269..c8ed4e5 100644 --- a/readme.md +++ b/readme.md @@ -267,6 +267,28 @@ themselves; in that case the request is passed on. before the frame that exceeds this limit. Therefore the body is up to one frame size smaller than allowed. +- **module `ratelimit`** + - Limits the rate at which requests can be processed. For this every identity + (see below) has a request counter. The counter is reset after a fixed time + delay. + - `reference_duration`: Duration in seconds after which request the counter + are reset. + - `identity`: Requests are counted per identity. Default is source address. + - `!global`: Use a central counter + - `!source_address`: Count per source ip address + - `!source_address_trunc`: Same but truncate them before. Requires keys `v4` + and `v6` which control how many trailing bits are discarded respectively. + - `!path`: Count per path (excluding query) + - `!path_query`: Count per path (including query) + - `max_identities`: Always rejects requests if there are already more than + this many identites tracked. + - `thresholds`: A list of `[threshold, mode]` pairs that are checked and + conditionally executed in order. + - `!too_many_requests`: Responds with a empty request with 429 status code + and `Retry-After` header set. Later thresholds are not checked. + - `!exec `: Invokes a script like CGI would but expects no output. + - `next`: Inner handler. (module) + - **module `debug`** - Replies with information about the request to debug. Includes source address, HTTP version, method, URI and headers. -- cgit v1.2.3-70-g09d2