I've been doing a lot of research into this module, as well as some
testing on a server of mine, in an attempt to gain some further
understanding of how to utilize this module. However, one of the
functions that has eluded me thus far is with VIP requests.
Here is how I attempted to start this:
set /wordpress/ as VIP traffic
SetEnvIf Request_URI /wordpress/ QS_VIPClient
now, we need to put a header on these requests so we can identify them as VIP traffic
QS_SetReqHeader qos_vip_client QS_VIPClient
and finally, we put VIP status to those headers on a per-IP basis
QS_VipIPHeaderName qos_vip_client
and let's label any other traffic as low-priority so we can set limits
QS_SetEnvIf !QS_VipRequest !QS_VIPClient QS_Event=1
let's only allow download speeds of 56Kbps
QS_EventKBytesPerSecLimit QS_Event 56
to avoid non-VIP traffic from attempting to DoS our site,
we are going to limit the amount of connections from low-priority requests to 5 per second
QS_ClientEventPerSecLimit 5
finally, in the event of a large influx of traffic, we are going to ensure that only VIP requests
are served when the server has less than 30% of connections available
QS_ClientPrefer 30
Here is an example from my Apache access logs to show that the URI
should be proper:
Now, as my understanding of this works, any traffic to the “/wordpress/”
URI would be labelled as VIP traffic, anything else would be low
priority (labelled as “QS_Event”) with a extreme bandwidth throttle,
only 5 allowed events per second, and only allowing VIP traffic when
less than 30% of connections are available. However, this does not seem
to work at all, as when I send a bunch of traffic to my site to the
“/wordpress/” URI, I eventually get blocked from the “QS_ClientPrefer”
setting:
If that is the case, then the server SHOULD be identifying my traffic as
low priority, but my download speeds are still unaffected, and I am
allowed to exceed the “QS_ClientEventPerSecLimit”:
So, just to test this (since maybe I misunderstand the configuration for
this), I decided to switch this to be my IP, as this should be a
cut-and-dry approach:
SetEnvIf Remote_Addr 1.2.3.4 QS_VipRequest=yes
With all other configs from the same left the same. Still no dice, since
I am once again denied access after a short time of throwing traffic to
my server as “not vip”:
My question is: am I misunderstanding how VIP requests are handled in
these examples? Do I have syntax errors somewhere? I would really
appreciate any help I can get in clarifying this, as I would like to
know what I am doing wrong if this is not a bug in the module itself.
Thanks.
Last edit: Adam V. 2013-07-16
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Nevermind, I think I figured out how to do what I was trying to accomplish here.
Harkening back to my example, and reading through these forums a bit, I came up with this configuration:
set requests within /wordpress/ as VIP traffic
SetEnvIf Request_URI /wordpress/.* QS_VipRequest=yes
and set everything else to another variable
SetEnvIf Request_URI /.* QS_Limit
now make sure to unset the previous variable for our VIP's
QS_SetEnvIf QS_VipRequest QS_Limit !QS_Limit
let's only allow download speeds of 56Kbps
QS_EventKBytesPerSecLimit QS_Limit 56
and limit the total number of requests per IP to 20 in 2 mins
since we unset the variable above, this limit is not active for VIP's
QS_ClientEventLimitCount 20 120
in addition, only 5 requests per second
QS_ClientEventPerSecLimit 5
finally, in the event of a large influx of traffic, we are going to ensure >that only VIP requests
are served when the server has less than 30% of connections available
QS_ClientPrefer 30
In order to actually accomplish the VIP labeling, you have to also unset the variable that would otherwise impact those users if their traffic would fall within the specs of that variable.
So, since VIP requests in "/wordpress/." would technically fall in the scope of the global "/.", I had to unset the "QS_Limit" variable in the event that the request was being made by a VIP. My mistake was thinking that this would happen automatically by virtue of the request being labeled VIP.
Last edit: Adam V. 2013-07-21
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hey guys,
I've been doing a lot of research into this module, as well as some
testing on a server of mine, in an attempt to gain some further
understanding of how to utilize this module. However, one of the
functions that has eluded me thus far is with VIP requests.
Here is how I attempted to start this:
Here is an example from my Apache access logs to show that the URI
should be proper:
Now, as my understanding of this works, any traffic to the “/wordpress/”
URI would be labelled as VIP traffic, anything else would be low
priority (labelled as “QS_Event”) with a extreme bandwidth throttle,
only 5 allowed events per second, and only allowing VIP traffic when
less than 30% of connections are available. However, this does not seem
to work at all, as when I send a bunch of traffic to my site to the
“/wordpress/” URI, I eventually get blocked from the “QS_ClientPrefer”
setting:
If that is the case, then the server SHOULD be identifying my traffic as
low priority, but my download speeds are still unaffected, and I am
allowed to exceed the “QS_ClientEventPerSecLimit”:
So, just to test this (since maybe I misunderstand the configuration for
this), I decided to switch this to be my IP, as this should be a
cut-and-dry approach:
With all other configs from the same left the same. Still no dice, since
I am once again denied access after a short time of throwing traffic to
my server as “not vip”:
My question is: am I misunderstanding how VIP requests are handled in
these examples? Do I have syntax errors somewhere? I would really
appreciate any help I can get in clarifying this, as I would like to
know what I am doing wrong if this is not a bug in the module itself.
Thanks.
Last edit: Adam V. 2013-07-16
Sorry for the shitty formatting on that by the way.
Nevermind, I think I figured out how to do what I was trying to accomplish here.
Harkening back to my example, and reading through these forums a bit, I came up with this configuration:
In order to actually accomplish the VIP labeling, you have to also unset the variable that would otherwise impact those users if their traffic would fall within the specs of that variable.
So, since VIP requests in "/wordpress/." would technically fall in the scope of the global "/.", I had to unset the "QS_Limit" variable in the event that the request was being made by a VIP. My mistake was thinking that this would happen automatically by virtue of the request being labeled VIP.
Last edit: Adam V. 2013-07-21