Block

Scenario

• Suppose our service has been attacked from a specific IP, or a specific API (such as issuing a voucher) has been maliciously called; we want to block specified traffic, such as:
• block attack traffic comes from some fixed IP（2.2.2.2）
• block attack traffic targeted at some specific PATH（/bonus）

Configuration

Modify example configurations (conf/) as the following steps:

• Step 1. Modify conf/bfe.conf and enable mod_block

Modules = mod_block   #enable mod_block

• Step 2. Modify conf/mod_block/mod_block.conf and configure path of global ip blocklist and block rules

[basic]
ProductRulePath = mod_block/block_rules.data

IPBlocklistPath = mod_block/ip_blocklist.data

• Step 3. Configure global blocklist (conf/mod_block/ip_blocklist.data)

Config ip address list, such as 2.2.2.2

2.2.2.2

• Step 4. Configure block rules (conf/mod_block/block_rules.data)

{
    "Version": "init version",
    "Config": {
        "example_product": [{
            "action": {
                "cmd": "CLOSE",
                "params": []
            },
            "name": "block bonus",
            "cond": "req_path_in(\"/bonus\", false)"
        }]
    }
}

• Step 5. Verify configured rules

curl -v -H "host: example.org" "http://127.1:8080/bonus"

The connection will be closed by bfe immediately.