Docker - Traefik - Ratelimiting
docker-compose.yml
Let's limit requests to 10 requests per 10 seconds.
whoami:
  image: containous/whoami
  labels:
    - "traefik.enable=true"
    - "traefik.http.middlewares.test-ratelimit.ratelimit.average=10"
    - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=0"
    - "traefik.http.middlewares.test-ratelimit.ratelimit.period=10s"
    - "traefik.http.routers.whoami.middlewares=test-ratelimit@docker"
    - "traefik.http.routers.whoami.rule=Host(`whoami.your.domain.de`)"
    - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
    - "traefik.http.routers.whoami.tls=true"
Restart container
docker compose -f docker-compose.yml up -d
Test Limiting with Curl
user@docker:~$ while true; do echo $(date); curl -s https://whoami.your.domain.de |grep "Too" ; sleep 0.1; done
Wed Oct 12 18:43:57 CEST 2022
Too Many Requests
Wed Oct 12 18:43:58 CEST 2022
Too Many Requests
Wed Oct 12 18:43:58 CEST 2022
Too Many Requests
Test Limit with hey, 10 Concurrent
100 requests, 10 concurrent workers, each worker limited to 1 request per second (-q 1)
hey -n 100 -c 10 -q 1 https://whoami.your.domain.de
...
Status code distribution:
[200] 10 responses
[429] 90 responses
...
Test Limit with hey, 5 Concurrent
100 requests, 5 concurrent workers, each worker limited to 1 request per second (-q 1)
hey -n 100 -c 5 -q 1 https://whoami.your.domain.de
...
Status code distribution:
[200] 20 responses
[429] 80 responses
...
Test Limit with hey, 2 Concurrent
100 requests, 2 concurrent workers, each worker limited to 1 request per second (-q 1)
hey -n 100 -c 2 -q 1 https://whoami.your.domain.de
...
Status code distribution:
[200] 50 responses
[429] 50 responses
...
Test Limit with hey, 1 Concurrent
100 requests, 1 concurrent worker, limited to 1 request per second (-q 1)
hey -n 100 -c 1 -q 1 https://whoami.your.domain.de
...
Status code distribution:
[200] 100 responses
...
Aggressively Rate Limit Login Page
If you want to protect a (WordPress) login page, you could limit it to 5 logins / minute with the following lines:
- traefik.http.routers.wordpress-login.rule=Host(`wordpress.your.domain.de`) && PathPrefix(`/wp-login.php`) && Method(`POST`)
- traefik.http.middlewares.wordpress-login-ratelimit.ratelimit.average=5
- traefik.http.middlewares.wordpress-login-ratelimit.ratelimit.burst=1
- traefik.http.middlewares.wordpress-login-ratelimit.ratelimit.period=1m
- traefik.http.routers.wordpress-login.middlewares=wordpress-login-ratelimit@docker
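The status code distributions in the hey tests and the 5 logins / minute target both follow from token-bucket arithmetic. The following is an added example, not part of the original page and not Traefik's own code: an idealized token bucket fed with a model of the hey runs and of one login POST per second. `TokenBucket`, `simulate_hey` and `page_limit` are hypothetical names, and treating `burst=0` as a capacity of 1 is an assumption of the model, chosen because the test runs do return 200 responses.

```python
from fractions import Fraction


class TokenBucket:
    """Idealized token bucket: `average` tokens per `period_s` seconds, capacity `burst`."""

    def __init__(self, average, period_s, burst):
        self.rate = Fraction(average, period_s)   # tokens added per second
        # Assumption: a burst below 1 is treated as 1, otherwise nothing could pass.
        self.capacity = Fraction(max(burst, 1))
        self.tokens = self.capacity               # bucket starts full
        self.last = Fraction(0)

    def allow(self, now):
        now = Fraction(now)
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True    # request is forwarded (200 from the backend)
        return False       # request is rejected (429 Too Many Requests)


def simulate_hey(total, workers, qps_per_worker, bucket):
    """Model `hey -n total -c workers -q qps`: each worker fires at a fixed interval."""
    interval = Fraction(1, qps_per_worker)
    # Arrival times of all workers, merged into one sorted stream.
    arrivals = sorted(i * interval for _ in range(workers) for i in range(total // workers))
    codes = {200: 0, 429: 0}
    for t in arrivals:
        codes[200 if bucket.allow(t) else 429] += 1
    return codes


def page_limit():
    # average=10, burst=0, period=10s, as in the whoami labels
    return TokenBucket(average=10, period_s=10, burst=0)


if __name__ == "__main__":
    for c in (10, 5, 2, 1):
        print(f"-c {c}:", simulate_hey(100, c, 1, page_limit()))
    # Login limiter: average=5, burst=1, period=1m; one POST per second for a minute
    login = TokenBucket(average=5, period_s=60, burst=1)
    print("login:", simulate_hey(60, 1, 1, login))
```

The model places arrivals on exact second boundaries; real runs include network jitter, so measured counts can differ slightly.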