
Apply QS_ClientEventLimitCount exclude ips and context

rafa
2022-03-15
2024-07-03
  • rafa

    rafa - 2022-03-15

    Hello,

    I want to apply this and have problems excluding a context and IPs:

    QS_ClientEventLimitCount 300 1800 LimitAccess
    

    But only to this context /example and without affecting this IP 10.1.0.99

    I tried this, but it still affects all contexts and IPs:

    # defines a HTTP request header to read the client's source IP address 
    QS_ClientIpFromHeader X-Forwarded-For
    QS_VipIPUser  10.1.0.99
    ## disables connection restrictions for certain clients:
    QS_SrvMaxConnExcludeIP 10.1.0.
    
    # 300 times within an half hour:
    SetEnvIf Request_URI "/example" LimitAccess
    QS_ClientEventLimitCount 500 1800 LimitAccess
    

    I have tried this to exclude this IP, but I am still not sure if it is going to work:

    # defines a HTTP request header to read the client's source IP address 
    QS_ClientIpFromHeader X-Forwarded-F
    SetEnvIf Request_URI "/example" LimitAccess
    SetEnvIfExpr "-R '10.0.0.0/8'" !LimitAccess
    QS_ClientEventLimitCount 500 1800 LimitAccess
    

    Can I exclude contexts and IPs with the QS_ClientEventLimitCount directive?

    Thanks in advance,

     
  • Pascal Buchbinder

    I assume mod_setenvif will process the directives in the order they appear in the file. This means unsetting the variable for known clients should work.

        SetEnvIf Request_URI "/example" LimitAccess
        SetEnvIfExpr "-R '10.0.0.0/8'" !LimitAccess
    

    You could also clear the counter for your known clients by setting the LimitAccess_Clear variable.

    But if you tell mod_qos to read the IP from a request header (QS_ClientIpFromHeader), you should ensure that you tell mod_setenvif to do this as well. I assume mod_remoteip will do the job.

     
  • rafa

    rafa - 2022-03-16

    My bad,
    this finally works.
    .
    .
    .
    SetEnvIf Request_URI "/example" LimitAccess
    SetEnvIfExpr "-R '10.0.0.0/8'" !LimitAccess
    QS_ClientEventLimitCount 500 1800 LimitAccess
    thanks

     
    • Rahul Sharma

      Rahul Sharma - 2024-06-28

      I solved it using the X-Forwarded-For instead of Remote_Addr

      The problem was that Remote_Addr did not have the client IP, so I had to use X-Forwarded-For:

      SetEnvIf X-Forwarded-For xxx.xxx.xxx.xxx !RepeatClientRequest
      

      But I wonder how it worked for you when you are also using the X-Forwarded-For

      QS_ClientIpFromHeader X-Forwarded-F
      
       
  • Rahul Sharma

    Rahul Sharma - 2024-06-27

    I have been trying the exact same thing but it's not working for me.
    Can you please check?

    Here's my config -

       # get client IP from HTTP request header instead of client IP
       QS_ClientIpFromHeader             X-Forwarded-For
    
       #set this counter on every access ( "/" below is the URL )
       SetEnvIf                   Request_URI / RepeatClientRequest
       SetEnvIf Remote_Addr 122.160.81.155 !RepeatClientRequest
    
       # no more than 2000 requests for any url in 5 minutes
       QS_ClientEventLimitCount          2000 300 RepeatClientRequest
    
       # deny a client IP for 30 minutes if its RepeatedlyAggressive
       QS_ClientEventLimitCount          3 1800 RepeatedlyAggressive
       QS_SetEnvIf    RepeatClientRequest_Counter=1000 RepeatedlyAggressive=1
    

    This is the log -

    [Thu Jun 27 08:46:45.352771 2024] [qos:error] [pid 31663:tid 31663] [client XXX.X.XXX.XX:6594] mod_qos(067): access denied, QS_ClientEventLimitCount rule: event=RepeatClientRequest, max=2000, current=2005, age=2, c=YYY.YYY.YY.YYY, id=Zn0m9VemM9pSpAwt0O8cmAAAAAU, referer: www.example.com/
    

    Am I missing something?

     

    Last edit: Pascal Buchbinder 2024-07-03
    • Pascal Buchbinder

      Remote_Addr is the IP address of the client (peer
      X-Forwarded-For is an HTTP request header field which contains an IP address (often set by proxy servers).

       
      • Rahul Sharma

        Rahul Sharma - 2024-07-03

        Thanks. I was able to solve it.

         
  • Rahul Sharma

    Rahul Sharma - 2024-06-28

    @pbuchbinder

    Do we need to do this

    SetEnvIf X-Forwarded-For xxx.xxx.xxx.xxx !RepeatClientRequest
    

    if we are using X-Forwarded-For?

    QS_ClientIpFromHeader X-Forwarded-F
    
     

    Last edit: Rahul Sharma 2024-06-28
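
The configuration the thread converges on, written out as an added example that is not part of any post above: the event variable is set for one context and then unset for one exempt client, matching on the same header mod_qos uses to identify clients. Assumptions: a reverse proxy in front of Apache overwrites X-Forwarded-For with exactly one client address, and 10.1.0.99 (the address from the first post) is the client to exempt.

```apache
# Added example, not from the thread. Assumes mod_qos and mod_setenvif are
# loaded and that a trusted reverse proxy overwrites X-Forwarded-For with a
# single client address; a header a client can set itself must not be used
# to grant an exemption.

# mod_qos: identify clients by the forwarded address instead of the peer.
QS_ClientIpFromHeader X-Forwarded-For

# Mark every request whose URI starts with /example. The pattern is a regular
# expression, so it is anchored to avoid matching "/example" elsewhere in the URI.
SetEnvIf Request_URI "^/example" LimitAccess

# Not effective behind a proxy: Remote_Addr is the peer (the proxy itself),
# so this line never matches the real client and the exemption never applies.
# SetEnvIf Remote_Addr "^10\.1\.0\.99$" !LimitAccess

# Effective: match the same header mod_qos reads. Dots are escaped and the
# pattern is anchored so that only this exact address is exempted.
# This line must come after the one that sets LimitAccess.
SetEnvIf X-Forwarded-For "^10\.1\.0\.99$" !LimitAccess

# At most 500 marked requests per client within 1800 seconds.
QS_ClientEventLimitCount 500 1800 LimitAccess
```

In the mod_qos error log, the `c=` field of a `QS_ClientEventLimitCount rule` message shows the address the counter was kept for, which is the value the exemption pattern has to match.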
