Skip to content

mod_prison

Introduction

mod_prison limits the amount of requests a user can make in a given period of time based on defined rules.

Module Configuration

Description

conf/mod_prison/mod_prison.conf

Config Item Description
Basic.ProductRulePath String
path of rule configuraiton

Example

[Basic]
ProductRulePath = mod_prison/prison.data

Rule Configuration

Description

conf/mod_prison/prison.data

Config Item Description
Version String
Verson of config file
Config Object
Prison rules for each product
Config{k} String
Product name
Config{v} Array
A ordered list of prison rules
Config{v}[] Object
A prison rule
Config{v}[].Cond String
Condition expression, See Condition
Config{v}[].AccessSignConf Object
Conf of access sign which is the basis for judgment of same access
Config{v}[].AccessSignConf.UseSocketIP Boolean
Whether using socket ip to generate access sign
Config{v}[].AccessSignConf.UseClientIP Boolean
Whether using client ip to generate access sign
Config{v}[].AccessSignConf.UseConnectID Boolean
Whether using connect id to generate access sign
Config{v}[].AccessSignConf.UseUrl Boolean
Whether using url to generate access sign
Config{v}[].AccessSignConf.UseHost Boolean
Whether using host to generate access sign
Config{v}[].AccessSignConf.UsePath Boolean
Whether using path to generate access sign
Config{v}[].AccessSignConf.UseHeaders Boolean
Whether using headers to generate access sign
Config{v}[].AccessSignConf.UrlRegexp String
Substrings in url matching UrlRegexp which are used for generating acess sign
Config{v}[].AccessSignConf.[]Qeury Array
Qeury keys used for generating acess sign
Config{v}[].AccessSignConf.[]Header Array
Header keys used for generating acess sign
Config{v}[].AccessSignConf.[]Cookie Array
Cookie keys used for generating acess sign
Config{v}[].Action Object
Prison action if visits exceed the limit
Config{v}[].Action.Cmd String
Name of prison action
Config{v}[].Action.Params Array
Parameters of prison action
Config{v}[].CheckPeriod Integer
Period of check time (second)
Config{v}[].StayPeriod Integer
Period of prison time if visits exceed the limit (second)
Config{v}[].Threshold Integer
Take action if exceeding threshold during specified CheckPeriod
Config{v}[].AccessDictSize Integer
Size of LRU cache for access records
Config{v}[].PrisonDictSize Integer
Size of LRU cache for prison records

Actions

Action Description
CLOSE Close the connection
FINISH Return 403 response and close the connection
PASS Just forward request
REQ_HEADER_SET Set request header

Example

{
    "Version": "20190101000000",
    "Config": {
        "example_product": [{
            "Name": "example_prison",
            "Cond": "req_path_prefix_in(\"/prison\", false)",
            "accessSignConf": {
                "url": false,
                "path": false,
                "query": [],
                "header": [],
                "Cookie": [
                    "UID"
                ]
            },
            "action": {
                "cmd": "CLOSE",
                "params": []
            },
            "checkPeriod": 10,
            "stayPeriod": 10,
            "threshold": 5,
            "accessDictSize": 1000,
            "prisonDictSize": 1000
        }]
    }
}