mod_prison
Introduction
mod_prison limits the amount of requests a user can make in a given period of time based on defined rules.
Module Configuration
Description
conf/mod_prison/mod_prison.conf
Config Item | Description |
---|---|
Basic.ProductRulePath | String path of rule configuration |
Example
[Basic]
ProductRulePath = mod_prison/prison.data
Rule Configuration
Description
conf/mod_prison/prison.data
Config Item | Description |
---|---|
Version | String Version of config file |
Config | Object Prison rules for each product |
Config{k} | String Product name |
Config{v} | Array A ordered list of prison rules |
Config{v}[] | Object A prison rule |
Config{v}[].Cond | String Condition expression, See Condition |
Config{v}[].AccessSignConf | Object Conf of access sign which is the basis for judgment of same access |
Config{v}[].AccessSignConf.UseSocketIP | Boolean Whether using socket ip to generate access sign |
Config{v}[].AccessSignConf.UseClientIP | Boolean Whether using client ip to generate access sign |
Config{v}[].AccessSignConf.UseConnectID | Boolean Whether using connect id to generate access sign |
Config{v}[].AccessSignConf.UseUrl | Boolean Whether using url to generate access sign |
Config{v}[].AccessSignConf.UseHost | Boolean Whether using host to generate access sign |
Config{v}[].AccessSignConf.UsePath | Boolean Whether using path to generate access sign |
Config{v}[].AccessSignConf.UseHeaders | Boolean Whether using headers to generate access sign |
Config{v}[].AccessSignConf.UrlRegexp | String Substrings in url matching UrlRegexp which are used for generating access sign |
Config{v}[].AccessSignConf.[]Qeury | Array Qeury keys used for generating access sign |
Config{v}[].AccessSignConf.[]Header | Array Header keys used for generating access sign |
Config{v}[].AccessSignConf.[]Cookie | Array Cookie keys used for generating access sign |
Config{v}[].Action | Object Prison action if visits exceed the limit |
Config{v}[].Action.Cmd | String Name of prison action |
Config{v}[].Action.Params | Array Parameters of prison action |
Config{v}[].CheckPeriod | Integer Period of check time (second) |
Config{v}[].StayPeriod | Integer Period of prison time if visits exceed the limit (second) |
Config{v}[].Threshold | Integer Take action if exceeding threshold during specified CheckPeriod |
Config{v}[].AccessDictSize | Integer Size of LRU cache for access records |
Config{v}[].PrisonDictSize | Integer Size of LRU cache for prison records |
Actions
Action | Description |
---|---|
CLOSE | Close the connection |
FINISH | Return 403 response and close the connection |
PASS | Just forward request |
REQ_HEADER_SET | Set request header |
Example
{
"Version": "20190101000000",
"Config": {
"example_product": [{
"Name": "example_prison",
"Cond": "req_path_prefix_in(\"/prison\", false)",
"accessSignConf": {
"url": false,
"path": false,
"query": [],
"header": [],
"Cookie": [
"UID"
]
},
"action": {
"cmd": "CLOSE",
"params": []
},
"checkPeriod": 10,
"stayPeriod": 10,
"threshold": 5,
"accessDictSize": 1000,
"prisonDictSize": 1000
}]
}
}