Rate Limiting

2026-04-25 13:50:16 +03:00
parent a8c3f1b887
commit 798e532dd7
2 changed files with 19 additions and 4 deletions
--- a/docker/traefik/dynamic_conf.yml
+++ b/docker/traefik/dynamic_conf.yml
@@ -26,18 +26,30 @@ http:
 #            - "SecRule REQUEST_URI \"@rx /admin\" \"id:101,phase:1,log,deny,status:403\""
            - "SecRule ARGS \"@rx (union|select|insert|drop|alter)\" \"id:102,phase:2,log,deny,status:403\""

+    api-ratelimit:
+      rateLimit:
+        average: 100
+        period: 1m
+        burst: 50
+
+    admin-ratelimit:
+      rateLimit:
+        average: 20
+        period: 1m
+        burst: 5
+
  routers:
    # REST API пользователей
    api:
      rule: "Host(`api.eventhub.local`)"
      entryPoints: ["web"]
-      middlewares: ["redirect-to-https", "waf"]
+      middlewares: ["redirect-to-https", "api-ratelimit", "waf"]
      service: "api"
    api-secure:
      rule: "Host(`api.eventhub.local`)"
      entryPoints: ["websecure"]
      tls: true
-      middlewares: ["waf"]
+      middlewares: ["api-ratelimit", "waf"]
      service: "api"

    # WebSocket пользователей (без WAF)
@@ -56,13 +68,13 @@ http:
    admin-api:
      rule: "Host(`admin.eventhub.local`)"
      entryPoints: ["web"]
-      middlewares: ["redirect-to-https", "waf"]
+      middlewares: ["redirect-to-https", "admin-ratelimit", "waf"]
      service: "admin-api"
    admin-api-secure:
      rule: "Host(`admin.eventhub.local`)"
      entryPoints: ["websecure"]
      tls: true
-      middlewares: ["waf"]
+      middlewares: ["admin-ratelimit", "waf"]
      service: "admin-api"

    # Админский WebSocket (без WAF)