I want to limit the rate of requests to Confluence from any one IP address (I do not know the address ahead-of-time). We sometimes experience out-of-control applications that hit our wiki too much, negatively impacting response time for users. We would like to drop/discard/ignore excess requests.
Our wiki is not externally facing, so excess requests are always inadvertent rather than intentional.
You could just use nginx in front of it (or another proxy): http://nginx.org/en/docs/http/ngx_http_limit_req_module.html
Agree, that is another potential solution!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Even if the excessive requests are unintentional, you need to treat it like a denial of service attack. There are multiple ways to handle this and some depends on your networking environment.
If the users are habitual, you might be able to look in your logs to get their ip address and stop them from performing the negative effecting requests.
You might be able to pay for a service for a few months to weed out those users.
If you think you need a longer term solution, then you should install denial of service software within your network.
If you just want to effect the user as it is happening you could change the ip router on the confluence machine to null route that ip address since your case is not a full blown denial of service attack.
The command to use is dependent on your environment, but logically it should look something like
route add -host <ipaddr> reject
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you, Norman, I edited my question to be more clear.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Your question is too ambiguous. Are trying to solve your issue from receiving side or the sending side? Do you have any control (ie make modifications) to the code? Can you throw away the requests or must you queue the request for later processing?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.