Name | Synopsis | Description | Options | Examples | Exit Status | See Also
enable-request-limits <connect_options> [--echo|-e] [--no-prompt|-Q] [--verbose|-v] [--rps-compute-interval|-a i] [--continue-condition|-o {silence|threshold}] [--error-code|-d n] [--monitor-attribute|-m attr] [--max-rps|-r x|--max-connections|-x c] [--uri-pattern|-t pattern] --config|-c name --vs|-s vs-name
Use this command to enable the request limits.
For connect_options description, see help(1).
Specify this option to print this command on the standard output before executing. This option also prints the default value for all the non-mandatory options that you do not provide in the command.
If you specify this option, wadm will not prompt you for passwords while executing this command. Use this option if you have defined all passwords in a password file and specified the file using the --password-file connect_option.
Specify this option to display a verbose output.
Specify the time interval (in seconds) in which the average (request per second) RPS is computed. Note that max-rps limit will not be applied until the next request rate recomputation has occurred. This means that a potential attacker can have unlimited requests serviced until the initial interval runs out.
You can balance the length of this window of attack to the cost of frequent recomputations by adjusting the interval parameter. The default value is 30 seconds.
Specify the condition that must be met for a blocked request type to be available again for servicing. The values can be:
silence - refused requests must fall to zero (over a subsequent interval) for the service to resume.
threshold - refused request rate must fall below the RPS threshold for the service to resume.
The default value is threshold.
Specify the HTTP status code to use for blocked requests. The default is 503, "Service Unavailable".
Specify an optional request attribute that has to be monitored. Request rates are tracked in a "bucket" named by the value of this parameter. If the monitor parameter is not given, the matching requests are tracked in an unnamed (anonymous) bucket.
While the value of the monitor parameter can be a fixed string, it is most useful when given in terms of obj.conf variables.
For example, monitor="$ip". Note that you can also specify multiple variables.
Specify the threshold value for RPS. If this value is exceeded, subsequent connections will not serviced. There is no default value because an acceptable RPS threshold can vary widely between sites.
Specify the maximum number of concurrent connections. If a matching request is received while there are at least this many requests being processed, the request is rejected. As soon as concurrent requests fall below this limit, new ones will be processed.
Specify the URI pattern.
Specify the name of the configuration.
Specify the name of the virtual server.
wadm enable-request-limits --user=admin --host=serverhost --password-file=../admin.passwd --port=8989 --ssl=true --no-prompt --rcfile=null --config=config1 --vs=vs --max-connections=100 --continue-condition=silence --error-code=500 --uri-pattern=/foo* |
The following exit values are returned:
command executed successfully
error in executing the command
Name | Synopsis | Description | Options | Examples | Exit Status | See Also