Skip to content

BFE mod_prison

mod_prison

Introduction

mod_prison limits the amount of requests a user can make in a given period of time based on defined rules.

Module Configuration

Description

conf/mod_prison/mod_prison.conf

Config Item	Description
Basic.ProductRulePath	String path of rule configuration

Example

[Basic]
ProductRulePath = mod_prison/prison.data

Rule Configuration

Description

conf/mod_prison/prison.data

Config Item	Description
Version	String Version of config file
Config	Object Prison rules for each product
Config{k}	String Product name
Config{v}	Array A ordered list of prison rules
Config{v}[]	Object A prison rule
Config{v}[].Cond	String Condition expression, See Condition
Config{v}[].AccessSignConf	Object Conf of access sign which is the basis for judgment of same access
Config{v}[].AccessSignConf.UseSocketIP	Boolean Whether using socket ip to generate access sign
Config{v}[].AccessSignConf.UseClientIP	Boolean Whether using client ip to generate access sign
Config{v}[].AccessSignConf.UseConnectID	Boolean Whether using connect id to generate access sign
Config{v}[].AccessSignConf.UseUrl	Boolean Whether using url to generate access sign
Config{v}[].AccessSignConf.UseHost	Boolean Whether using host to generate access sign
Config{v}[].AccessSignConf.UsePath	Boolean Whether using path to generate access sign
Config{v}[].AccessSignConf.UseHeaders	Boolean Whether using headers to generate access sign
Config{v}[].AccessSignConf.UrlRegexp	String Substrings in url matching UrlRegexp which are used for generating access sign
Config{v}[].AccessSignConf.[]Qeury	Array Qeury keys used for generating access sign
Config{v}[].AccessSignConf.[]Header	Array Header keys used for generating access sign
Config{v}[].AccessSignConf.[]Cookie	Array Cookie keys used for generating access sign
Config{v}[].Action	Object Prison action if visits exceed the limit
Config{v}[].Action.Cmd	String Name of prison action
Config{v}[].Action.Params	Array Parameters of prison action
Config{v}[].CheckPeriod	Integer Period of check time (second)
Config{v}[].StayPeriod	Integer Period of prison time if visits exceed the limit (second)
Config{v}[].Threshold	Integer Take action if exceeding threshold during specified CheckPeriod
Config{v}[].AccessDictSize	Integer Size of LRU cache for access records
Config{v}[].PrisonDictSize	Integer Size of LRU cache for prison records

Actions

Action	Description
CLOSE	Close the connection
FINISH	Return 403 response and close the connection
PASS	Just forward request
REQ_HEADER_SET	Set request header

Example

{
    "Version": "20190101000000",
    "Config": {
        "example_product": [{
            "Name": "example_prison",
            "Cond": "req_path_prefix_in(\"/prison\", false)",
            "accessSignConf": {
                "url": false,
                "path": false,
                "query": [],
                "header": [],
                "Cookie": [
                    "UID"
                ]
            },
            "action": {
                "cmd": "CLOSE",
                "params": []
            },
            "checkPeriod": 10,
            "stayPeriod": 10,
            "threshold": 5,
            "accessDictSize": 1000,
            "prisonDictSize": 1000
        }]
    }
}